Validating a service call
Requests from your server require a shared secret to be passed for security purposes.
If a HTTP 499 is received from a renew call, notify Amazon Apps & Games Services SDK Support.The Receipt Verification Service can be used to enable access to a subscription - purchased through Amazon - on other platforms (such as your website).In this scenario your app receives a receipt when a Subscription is purchased.The Receipt Verification Service can be used to deliver your own In-App purchasable content.In this scenario, your app receives a receipt when content is purchased.Whether you know it or not, every inbound call that comes into your contact center presents an element of risk.
Your success in identifying which callers pose a threat to your customer service environment and which ones don’t depends on how quickly and accurately you can verify the authenticity of each call.
The response objects contain a User ID value that denotes a unique identifier of the purchaser.
The Receipt in the Purchase Response contains a Purchase Token, which is used in conjunction with the User ID to perform an out-of-band server-side validation of the purchase.
The Purchase Token Verification Request call allows you to determine if a given Purchase Token and User ID combination is valid.
Verification requires an HTTPS GET request with the following structure (parameters you supply are in bold): https://appstore-sdk.amazon.com/version/2.0/verify/developer/developer Secret/user/user Id/purchase Token/purchase Token The Receipt Verification Service will respond with one of the following codes indicating the result of the validation check: In the event a Purchase Token is expired (response code 499), the Expired Purchase Token Renewal call is provided for retrieving an updated Purchase Token.
If your call center is waiting to identify callers who are already on the phone, you are already too late.