Web Monetization Community

loading...

Trying out receipt verifier service.

xanderjakeq profile image Xander Jake de los Santos ・1 min read

The tutorial is really helpful! As I finished it, I realized that the event listener is firing so often and hitting my backend at least every second.

Is this the accepted standard? It doesn't feel right. My expectation is that I will check if one transaction is good, then I would assume all other transactions can also be trusted. Is this a bad strategy?

If you have more knowledge on this. Please do comment. Thanks!

Discussion (3)

pic
Editor guide
Collapse
wilsonianb profile image
Brandon Wilson • Edited

My expectation is that I will check if one transaction is good, then I would assume all other transactions can also be trusted.

That wouldn't be safe since a user could do a single valid micropayment and then send you spoofed subsequent receipts with larger amounts.

Because receipt amounts represent the total amount paid, you don't have to verify every receipt from every monetizationprogress event. You could do something like: every five seconds, send the latest receipt to your backend to verify (in which case you may want to have the frontend decode the receipts to make sure it's tracking the latest one with the largest amount).

Collapse
gfam profile image
gFam

We'll be looking to implement the receipt verifier in a couple of months... so we'd be interested to hear other people's experience in this too.

Collapse
cyberdees profile image
Desigan CHINNIAH

^^ One for @wilsonianb here...