I have made an Android app for selling digital content where items can be purchased using in-app-billing. I need my server to be aware of the purchase. The decision to deliver app-specific data should be made on the server, not in the client app.
- User buys item X from Android Market.
- Transaction data Y is sent automatically to the server. (Which includes Order ID, Customer’s First Name and Email)
- Server delivers content if Y is valid.
- Server returns the file as link to the client.
- Client is redirect to page inapp. Says “Thanky for your purchase. Click Here to download the file”
How can this be accomplished?
How do I verify that transaction data coming from the Android client (presumably originating from Google servers) is not fake?
Google Server -> Android client -> The server -> Android client
Perhaps this is more of a PHP question than anything else.
The PHP function I’m using
// Fetch all the order details from Woocommerce
$products = array();
$_name = $order->billing_first_name.’ '.$order->billing_last_name;
$_email = $order->billing_email;
$lastOrderId = $order->id;