Steam microtransactions without purchasing server

I am implementing microtransactions in my game, following the guide at Microtransactions Implementation Guide (Steamworks Documentation).

That guide describes using a purchasing server in between your game and the Steam billing server. I’m wondering if the purchasing server is necessary, though, or if I could instead do the following:

  1. Game makes request to Steam billing server for the user’s country, language, and currency
  2. Game receives this response and then initiates a payment transaction on behalf of the client to the Steam web service
  3. Game’s callback receives a notification that the purchase was either authorized or denied, and posts a FinalizeTransaction call to Steam to complete the operation

Am I missing something? It seems like the game can make/receive the microtransaction requests without the use of a purchasing server. Any sample code from your implementation would be appreciated!

I’ve only had a brief read, but I think in principle it would be possible to do this without a server in the middle, although these are a few reasons why it might not be possible or at least not a good idea:

  • I imagine you need to supply API keys to communicate. It may not be a good idea to embed these into the App.
  • Anyone who is able to make direct requests to Steam may be able to manipulate the intended purchase request and pass in false data, which could result in cheating / unhandled errors, etc.
  • Without the middle server, you would be limiting the data you could collect for analysis and any additional filtering you might want.

On top of this it may be that you need to whitelist request IPs with Steam (I don’t know if this is true), or it may be part of their agreement that you must have a server to handle all requests.

It does add to the workload of releasing, but depending on the level of purchases you’re expecting you could set up a server for around $5 a month. You’d need to write something to handle the requests too. There might be something out there already you can just use, but if not then take a look at something like Node.js and Express which will get you up and running pretty quickly.
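The points above about keeping the API key out of the app and not trusting purchase data sent by the client, sketched as an added example that is not part of the original post: the purchasing server takes only an item id and quantity from the game and derives everything else itself. The form fields are those of Steam's `ISteamMicroTxn/InitTxn` Web API; the catalog, prices, quantity cap and the `ctx` field names are constructed for illustration, and `ctx.steamId` is assumed to come from an already authenticated session.

```javascript
// Added example: server-side construction of an InitTxn request.
// CATALOG, its prices and the ctx field names are constructed, not Steam's.
const INIT_TXN_URL = "https://partner.steam-api.com/ISteamMicroTxn/InitTxn/v3/";

// Prices live on the server, in cents per currency; the client never sends one.
const CATALOG = {
  1001: { description: "500 gems", price: { USD: 499, EUR: 449 } },
  1002: { description: "Starter pack", price: { USD: 999, EUR: 899 } },
};

// Turns an untrusted client request { itemId, qty } into InitTxn form fields.
// Any other field the client sent (for example "amount") is ignored.
function buildInitTxnParams(clientReq, ctx, catalog = CATALOG) {
  const itemId = String(clientReq.itemId);
  if (!Object.hasOwn(catalog, itemId)) throw new Error("unknown item");
  const item = catalog[itemId];

  const qty = Number(clientReq.qty);
  if (!Number.isInteger(qty) || qty < 1 || qty > 10) throw new Error("bad quantity");

  // ctx.currency is what the server learned from Steam for this user.
  const unit = Object.hasOwn(item.price, ctx.currency) ? item.price[ctx.currency] : undefined;
  if (!Number.isInteger(unit)) throw new Error("item not sold in this currency");

  return new URLSearchParams({
    key: ctx.apiKey, // publisher Web API key: read from server config only
    orderid: String(ctx.orderId),
    steamid: String(ctx.steamId),
    appid: String(ctx.appId),
    itemcount: "1",
    language: ctx.language,
    currency: ctx.currency,
    "itemid[0]": itemId,
    "qty[0]": String(qty),
    "amount[0]": String(unit * qty), // total in cents, computed server-side
    "description[0]": item.description,
  });
}

// Sends the request to Steam; meant to be called from the server's route handler.
async function initTxn(clientReq, ctx) {
  const body = buildInitTxnParams(clientReq, ctx);
  const res = await fetch(INIT_TXN_URL, { method: "POST", body });
  return res.json();
}
```

A tampered request such as `{ itemId: 1001, qty: 2, amount: 1 }` still produces `amount[0]=998`, because the price is looked up rather than accepted.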

You make some good points I hadn’t thought about in terms of security and validating purchases. I was hoping to avoid creating a server because of the time involved but it likely is the best practice because of the issues mentioned above. Thanks.

I still don’t know enough about this myself, but after several days of furious Google-fu, I ended up finding the Steam Microtransactions Forums (lol, that would have been a good place to start; you need to be logged in on your Steam Dev Account though).

And the consensus is that if you don’t want to or can’t implement an intermediary purchasing server, you can use the Steam Inventory Service instead, which it seems lets you handle IAP from Steam itself.