LogoLogo
  • 🕴️ QUICK START GUIDE
  • DASHBOARD
    • Management
      • Add a new Game
        • Create a Game
        • Set-Up
        • Review Guidelines
      • Version control
        • Add a Build
        • Handle branches
        • Upgrade Versions
      • API Keys
    • NFT Collections
      • Add a Collection
      • Staking Support
    • Beta Codes
      • Create a Beta Code
    • Tournaments
      • Set Up
      • Create Tournament
    • In-App Purchases
      • Developer
        • Set up your Store
        • Submit Product
        • Client Integration
        • Handle Post-Payments
      • Payment Gateways
      • Review Guidelines
    • Elixir Invisible Wallet
      • Gas Manager
        • Create Gas Manager
        • Handle Balances
    • Reward Center
      • Game Quests
        • Add a Stat
        • Create a Quest
        • Test Your Quest
        • Submit your Quest
        • Update Progress
        • Review Guidelines
  • Elixir Gamer Services
    • 🏁Kick-off
    • Unity
      • Getting Started
        • Overview
        • Updates
          • GitHub
          • Unity Asset Store (Coming Soon)
      • Overlay
        • Overlay Actions
        • Event Simulator
          • SDK Events
      • Authentication
        • Desktop
        • Mobile
      • Reference
    • Unreal Engine
      • Getting Started
        • C++ Project
        • Blueprints Project
  • API
    • Elixir REST API
      • 🖥️Desktop Auth
      • 📱Mobile Auth
      • 🔐RSA Signature
        • 🔢C# Example
        • 🔢Node.js Example
      • 🧔User
      • 👾NFTs
      • 🏆Tournaments API
      • ❓Game Quests
    • How To
      • Link Elixir account to a game API account
Powered by GitBook
On this page
  • Store API Keys
  • Set your server webhook
  • Post-payment & Signature
  • Elixir Store Server Response
  • Signature Code Sample

Was this helpful?

Export as PDF
  1. DASHBOARD
  2. In-App Purchases
  3. Developer

Handle Post-Payments

PreviousClient IntegrationNextPayment Gateways

Last updated 1 year ago

Was this helpful?

Store API Keys

Generating an in-app purchase key enables Elixir to authenticate and validate requests between the client and server or server-to-server, specifically about in-app purchases. This includes authentication for Elixir Store server webhooks designed for post-payment events.

Set your server webhook

  1. Go to your Game API Keys section

  2. Scroll to the In-App Purchases Key

  3. Click on the "Edit" button and modify the input

Post-payment & Signature

To secure the server-to-server communication for in-app purchase post-payment events, we employ an RSA signature process. The client possesses the capability to validate the signed webhook received from the Elixir Store server using their public key.

Elixir Store Server Response

// 
{
  "order": {                                             // List of products purchased in the order
    "products": [
      {
        "_id": "65413fd1bb194c67b621c1ca",
        "sku": "candies-250",                            // SKU of the product
        "name": "250 Candies (Tinies)",
        "description": "",
        "imageUrl": "example",                           // Product image URL
        "status": "ACTIVE",                              // Product status
        "category": "IN_APP",                            // Product category
        "disabled": false,                               // Product is enabled
        "clientId": "tinies",                            // Client ID
        "createdAt": "2023-10-31T17:56:33.410Z",
        "updatedAt": "2023-10-31T17:56:33.410Z",
        "price": 50,                                     // Total price (considering quantity and discount)
        "baseCurrency": null,                            // Base currency used in case of a conversion (set to null if there was no conversion)
        "id": "65413fd1bb194c67b621c1ca",                // Product ID
        "quantity": 2,                                   // Quantity of the product purchased
        "unitBasePrice": 25,                             // Price of the product in unit
        "discount": 0                                    // Product discount
      }
    ],
    "userId": "6a431244-4658-4532-8a06-178e41fff0e7",    // ID of the user that did the purchase
    "totalPrice": 50,                                    // Total price of the order
    "currency": "USD",                                   // Currency of the order
    "rate": 1,                                           // Rate used in case there was a conversion of currency
    "usdAmount": 50,                                     // Total price in USD
    "usdExchangeRate": 1                                 // USD exchange rate
  },
  "signature": "0cbdec9f50e1cd4..."
}

Signature Code Sample

import { createPublicKey, createVerify } from 'crypto'

// Where message its a JSON.stringify from the order object
function verifySignature(signature: string, message: string): boolean {
  try {
    const publicKey = createPublicKey({
      key: Buffer.from(
        process.env['GAME_PUBLIC_KEY'] as string,
        'hex'
      ),
      type: 'spki',
      format: 'der',
    })
    const verifier = createVerify('rsa-sha256')
    verifier.update(message)
    verifier.end()
    const isVerified = verifier.verify(publicKey, signature, 'hex')
    return isVerified
  } catch {
    return false
  }
}

export { verifySignature }