Getting Unity IAP receipt data to validate with playfab (or somewhere else)
Hello there,
I'm kinda stuck at the moment.
I implemented the Unity IAP system and after making a purchase I receive the receipt.
Now I have to extract values from the receipt to validate the receipt itself, specifically the json/signature for validating the google receipt and the receipt data/purchase price for ios.
I realize the data is there, as http://docs.unity3d.com/Manual/UnityIAPPurchaseReceipts.html says so, but I currently don't know how to access it.
Can you help me with that problem?
Thanks in advance.
Answer by nicholasr · May 24, 2016 at 10:22 PM
@kendogar Sure.
There are a few use-cases: (1) validating the receipt client-side (locally, to block on-device consumption of product for fraudulent purchases) using our CrossPlatformValidator class, (2) validating the receipt server-side (for reporting, not for blocking), and (3) validating the receipt through other means.
(1) I recommend looking at this doc: http://docs.unity3d.com/Manual/UnityIAPValidatingReceipts.html Specifically, look at the "ProcessPurchase" code sample there. It gives you a boolean in your app with the fact of "valid or not".
(2) Unity Analytics will automatically receive Unity IAP transaction logs to generate reports, validating receipts for you server-side if you configure with Analytics your game's cryptographic public keys, showing you what money could be verified cryptographically. Use the Data Explorer in Unity Analytics: https://analytics.cloud.unity3d.com/ > "Data Explorer" > "Metrics and Custom Events" > change the drop-down to various Verified Revenue options to see the info!
(3) If you just want to parse out the receipt data for passing to PlayFab (et al), then I recommend also following the link's instructions of (1). This means adding the Google Play Public Key from your Play Store Developer Console and using the little Unity IAP addition to the Window menu, first.
(3.1) Or if you're feeling adventurous then crack the Unity Receipt field (product.receipt) as it's JSON-wrapped-JSON for GooglePlay, and JSON-wrapped-base64-wrapped-ASN.1 for Apple. MiniJSON is a JSON parser I've had luck with.
var wrapper = (Dictionary<string, object>) MiniJson.JsonDecode (purchaseEventArgs.purchasedProduct.receipt);
if (null == wrapper) {
return;
}
// Corresponds to http://docs.unity3d.com/Manual/UnityIAPPurchaseReceipts.html
var store = (string)wrapper ["Store"];
var payload = (string)wrapper ["Payload"]; // For Apple this will be the base64 encoded ASN.1 receipt
// For GooglePlay payload contains more JSON
if (Application.platform == RuntimePlatform.Android) {
var gpDetails = (Dictionary<string, object>)MiniJson.JsonDecode (payload);
var gpJson = (string)details ["json"];
var gpSig = (string)details ["signature"];
}
Thank you nicholasr, your explanation really cleared things up for me!
Have a wonderful week.
I have followed your instruction with regards to $$anonymous$$iniJson but I am getting an invalid cast exception with it.
could you provide a link which $$anonymous$$iniJson you are using? as I noticed yours is $$anonymous$$iniJson.JsonDecode as compared to $$anonymous$$e $$anonymous$$iniJSON.jsonDecode
string receipt = e.purchasedProduct.receipt;
var wrapper = (Dictionary<string, object>) $$anonymous$$iniJSON.jsonDecode (receipt);
if (wrapper == null) {
throw new InvalidReceiptDataException ();
}
var store = (string) wrapper["Store"];
var transactionID = (string) wrapper["TransactionID"];
var payload = (string) wrapper["Payload"];
var details = (Dictionary<string, object>) $$anonymous$$iniJSON.jsonDecode (payload);
var receiptJson = (string) details["json"];
var signature = (string) details["signature"];
how to get the original order nuber after purchas successful? There seems to be some wrong about the doc。 “ AppleReceipt receipt = new AppleValidator(AppleTangle.Data()).Validate(receiptData);” I can not find "AppleTangle.Data()", it seems not defined。
Answer by GaMeRCOD · Aug 18, 2017 at 02:29 PM
@nicholasr Did you use the same approach for IOS receipt? As the IOS receipt has different parameters so how did you extract the ReceiptData, CurrencyCode and PurchasePrice from the IOS receipt to send to Playfab.
The ProcessPurchase(PurchaseEventArgs) callback has a Product instance in the purchasedProduct field, which contains some of these fields (currency, price). https://docs.unity3d.com/ScriptReference/Purchasing.Product.html
Then, using the IAppleConfiguation, it's possible to extract Apple's binary ASN.1 AppReceipt. https://docs.unity3d.com/$$anonymous$$anual/UnityIAPiOS$$anonymous$$AS.html
Answer by faunaface · Nov 07, 2016 at 04:59 AM
Hi there,
This is all great, could you give more information on how does this work with Samsung Galaxy store? I am using Unity 5.4.1f1 with the latest version of IAP plugins that support Samsung galaxy IAP.
How do I get the receipt for a Samsung transaction? Should be we relying on the Google Playstore receipt validation instead?
Hi @faunaface -
Samsung provides receipt information suitable for Remote Validation.
Local Validation would require additional cryptographic data to be included in transactions from Samsung.
Still, I'll call what we receive a "receipt" for convenience's sake: a "purchaseId". We also receive a "paymentId" which is what we map to "transactionId". We pack the "purchaseId" into the Unity IAP receipt field as a trivial JSON string.
You may already know how to access the Unity IAP receipt field, from your earlier work. After successful purchase, in the app's ProcessPurchase(Purchasing.PurchaseEventArgs e) implementation, the receipt will be available in e.purchasedProduct.receipt. This string is packed up by Unity IAP to contain each App Store's various receipt fields. As suggested above, this string should look something like: {"purchaseId":"d215d9abcd17b12578a21c0ea7d8821747b64939732a3243b538d8bcae245590"}.
The Remote Validation server-to-server API for validating this receipt is described in the Samsung IAP Program$$anonymous$$g Guide "Program$$anonymous$$gGuide_SamsungInAppPurchaseSD$$anonymous$$_v4.0.0.pdf" document: http://developer.samsung.com/iap/guide $$anonymous$$g. call https://iap.samsungapps.com/iap/appsItemVerifyIAPReceipt.as?protocolVersion=2.0&purchaseID=d 215d9abcd17b12578a21c0ea7d8821747b64939732a3243b538d8bcae245590 and parse the response.