On Apr 17, 2013, at 10:44 AM, Andy McKay <[email protected]> wrote:
> > On 2013-02-26, at 2:42 PM, Kumar McMillan <[email protected]> wrote: >> For the app to check that the product was paid for (i.e. postback was >> received), it would need to poll something like: >> >> GET /payment/status/<transactionId> > > > What would be the advantage of doing this over say using receipts. We've > already got the code and infrastructure in place for receipts (although I > admit there would be a few things I'd need to change). But a receipt is a > proof of payment that's signed. It has a built in verification structure if > the developer would like to do so, but with in-app receipts that may or may > not be necessary. > > Receipts don't need to be limited to just the initial app payment. Well, huh, using receipts might actually solve things nicely :) Is this what you're thinking? : When mozPay() completes, it passes a receipt to the JS callback. The app verifies the receipt either on its own server or using the receipt's own verification API. Like app purchases, it could whitelist verification domains to prevent hacks. If that were to work, the app could be purely client side and accept in-app payments similar to how a paid app can be purely client side. Another benefit of using receipts is that an app would not be forced to manage user identity and track purchase history on its own. If the receipt is on device then the item is purchased. -Kumar _______________________________________________ dev-webapps mailing list [email protected] https://lists.mozilla.org/listinfo/dev-webapps
