In-App Purchase Validation

This document provides guidelines and instructions for validating In-App Purchases in your app. You have two options for validation: Public Key Check and Remote Check. The public key check verifies the transaction's credentials with a public key, while the remote check involves sending transaction information to remote servers for validation. In both cases, it is required to implement the client-side code within your Android application.

Client-side code

The app sends the purchase receipt to your server, through this method:

  • Using the Android SDK directly (Native Android IAB)
    Follow the instructions to implement the client-side code within your Android application using the Android SDK.

This is what the receipt will look like:

  "Store": "storeName",
  "TransactionID": "anIdWithNumbersAndLetters",
  "Payload": {
    "ItemType": "inapp",
    "ProductId": "full_trajectory",
    "GameOrderId": "anIdWithNumbersAndLetters",
    "OrderQueryToken": "aLargeIdWithNumbersAndLetters",
    "StorePurchaseJsonString": {
      "developerPayload": "unity://unity3d.comcpOrderId=anIdWithNumbersAndLetters&payload=",
      "itemType": "inapp",
      "orderId": "catappult.inapp.purchase.anIdWithNumbersAndLetters",
      "originalJson": {
        "orderId ": "anIdWithNumbersAndLetters",
        "packageName": "",
        "productId ": "yourSKU",
        "purchaseTime": 123456789,
        "purchaseToken": "catappult.inapp.purchase.anIdWithNumbersAndLetters",
        "purchaseState": 0,


Public Key Check

The Public Key Check method can be used to add an extra layer of security by verifying the transaction's credentials within your app. This process uses a unique public key to check the integrity of the purchase. For detailed implementation instructions, please check the documentation provided for the Local Check method.


Remote Check

Your server needs to be able to receive the necessary information from your application and send it to our server for validation. It then processes the response from our server and relays the appropriate result back to your application.