3

We're having problems verifying some of payment transactions (Google In App Billing V3). It looks like data of cumbersome transactions follows a different format than what we can see in transactions we have no problems verifying.

Transactions that we are able to verify

  • OrderId: Two numbers separated with a dot: 92299713162054702728.1224255970239541
  • Signature: Always includes base64 padding at the end, 345 characters long

Transactions that fail to verify

  • OrderId: One number: 5643493869375537013
  • Signature: Is missing base64 padding, 343 characters long

(those are not actual ids)

Adding padding manually when it's missing does not help to verify signatures.

Why are we receiving data in different format? Why are we unable to verify them, even though we have no problems verifying "ordinary" transactions? What should we do / investigate in order to solve this issue?

Maulik
  • 3,316
  • 20
  • 31
kar
  • 741
  • 6
  • 16
  • 1
    Have you managed to resolve this problem? We've been having the same issue and were wondering. – octo Feb 22 '14 at 01:22
  • 2
    I can find many such transactions in logfile every day, and these orderId could not be found in google merchant. I and my colleague guess that these transactions are generated by hackers. – Timothy Zhang Oct 28 '14 at 10:54
  • More or less our conclusion as well... We never tried to (dis-)prove it, but judging by the amount of those failing transactions vs number of customer complaints, we figured it's not a "real" problem. – kar Oct 31 '14 at 08:13

1 Answers1

2

Check this link:

http://developer.android.com/google/play/billing/billing_admin.html#orderId

For transactions dated 5 December 2012 or later, Google Wallet assigns a Merchant Order Number (rather than a Google Order Number) and reports the Merchant Order Number as the value of orderID. Here's an example:

"orderId" : "12999556515565155651.5565135565155651"
For transactions dated previous to 5 December 2012, Google checkout assigned a Google Order Number and reported that number as the value of orderID. Here's an example of an orderID holding a Google Order Number:

"orderId" : "556515565155651"

So I think you can solved it by storing date wise transaction in your database and check the date whether given date is 5 Dec or later then check 1st one else 2nd one.

or

you can also check the developer payload to check whether our transaction is securely done or not. Google play store will give you the same payload that you gave while purchasing the in app product.

For more information check this link for the developer payload link

Hope it will solve your problem.

Community
  • 1
  • 1
Maulik
  • 3,316
  • 20
  • 31
  • 2
    Thanks for the link, I missed it. The thing is, we've only recently integrated the payments. How come we are receiving transactions in an old format? Also, how exactly the developer payload would help me out in this case? – kar Oct 07 '13 at 12:42