Server-side implementation of UDP

The server-side integration consists of the following steps:

Query orders
Receive callback notifications

Querying Orders

Your game can query UDP about orders by calling an HTTP GET request.

Querying UDP about orders：

https://distribute.dashboard.unity.com/udp/developer/api/order?orderQueryToken=<orderQueryToken>&orderId=<orderId>&clientId=<clientId>&sign=<sign>

Parameters in the request:

Attribute name	Format	Required/Optional	Description	Example
orderQueryToken	String	Required	The order query token returned by the client SDK when finishing a purchase. The token needs to be encoded Base64 before being used in the query.(UDP SDK will return PurchaseInfo.OrderQueryToken)	eyJjaGFubmVsUHJvZHVjdElkIjoiaWFwLl9mM2YzZiIsImNoYW5uZWxUeXBlIjoiQVBUT0lERSIsImNsaWVudElkIjoiQUFJZ3g5VmNGaDJZQ1ZxbUs2VWNDUSIsImNwT3JkZXJJZCI6IjJhNGQ5MWY4NDgzZjQ3YjlhYzFhNGY5MDAwZDVhNTRhIiwicGFja2FnZU5hbWUiOiJjb20udW5pdHkudW5pdHl0ZXN0Z2FtZV9mZWZ3In0=
orderId	String	Required	The orderId returned by the client SDK when finishing a purchase.(UDP SDK will return PurchaseInfo.GameOrderId)	2a4d91f8483f47b9ac1a4f9000d5a54a
clientId	String	Required	The clientId can be found in the Game info - integration information of UDP console	AAIgx9VcFh2YCVqmK6UcCQ
sign	String	Required	Generate signature with orderQueryToken and client secret, MD5.hash(orderQueryToken + clientSecret). Client Secret can also been found in the Game info - integration information of UDP console.	Client Secret: KKcCyAgej06MxjKX31WuFNeHSaTJAjLDlgoDWsPJDAM Sign: 90a4e440897623c7cd0b2b80a97c267e

Parameters in the response：

Attribute name	Format	Required /optional	Description	Example
clientId	String	Required	The clientId that is returned by Unity after the game has created a client in the Unity IAP.	Q4AnJDW2-rxLAPujqrk1zQ
cpOrderId	String	Required	The order ID assigned by your game, or Unity if the game does not generate it.	66mea52wne
channelType	String	Required	Channel type	APTOIDE,CLOUDMOOLAH
status	String	Required	Indicates the status of the order.	SUCCESS, FAILED, UNCONFIRMED
productId	String	Required	The product ID associated with the order	product_1
amount	String	Required	The payment amount of the order	1
quantity	Integer	Required	Indicates the quantity of the product.	1
currency	ISO 4217	Required	The currency used to purchase the product	CNY
country	ISO 3166-2	Required	The country or geographic region in which the user is located	CN
paidTime	ISO8601 yyyy-MM-ddThh:mm:ssXXX， UTC timezone	Required	Specifies the time when the order is paid.	2017-03-08T06:43:20Z
rev	String	Required	The revision of the order (only for update)	0
extension	Json String	Optional	The developer payload used to add reference information	{"abc" : "123"}

Here is an example request from your game server to the UDP server and response from the UDP server back to your game server：

The content of the orderQueryToken:

{“channelProductId”:“iap._f3f3f”,“channelType”:“APTOIDE”,“clientId”:“AAIgx9VcFh2YCVqmK6UcCQ”,“cpOrderId”:“2a4d91f8483f47b9ac1a4f9000d5a54a”,“packageName”:“com.unity.unitytestgame_fefw”}

Being encoded using Base64, the orderQueryToken:

eyJjaGFubmVsUHJvZHVjdElkIjoiaWFwLl9mM2YzZiIsImNoYW5uZWxUeXBlIjoiQVBUT0lERSIsImNsaWVudElkIjoiQUFJZ3g5VmNGaDJZQ1ZxbUs2VWNDUSIsImNwT3JkZXJJZCI6IjJhNGQ5MWY4NDgzZjQ3YjlhYzFhNGY5MDAwZDVhNTRhIiwicGFja2FnZU5hbWUiOiJjb20udW5pdHkudW5pdHl0ZXN0Z2FtZV9mZWZ3In0=

orderId:

2a4d91f8483f47b9ac1a4f9000d5a54a

clientId:

AAIgx9VcFh2YCVqmK6UcCQ

clientSecret:

KKcCyAgej06MxjKX31WuFNeHSaTJAjLDlgoDWsPJDAM

Sign:

90a4e440897623c7cd0b2b80a97c267e

Request:

Get 
https://distribute.dashboard.unity.com/udp/developer/api/order?orderQueryToken=eyJjaGFubmVsUHJvZHVjdElkIjoiaWFwLl9mM2YzZiIsImNoYW5uZWxUeXBlIjoiQVBUT0lERSIsImNsaWVudElkIjoiQUFJZ3g5VmNGaDJZQ1ZxbUs2VWNDUSIsImNwT3JkZXJJZCI6IjJhNGQ5MWY4NDgzZjQ3YjlhYzFhNGY5MDAwZDVhNTRhIiwicGFja2FnZU5hbWUiOiJjb20udW5pdHkudW5pdHl0ZXN0Z2FtZV9mZWZ3In0%3D&orderId=2a4d91f8483f47b9ac1a4f9000d5a54a&clientId=AAIgx9VcFh2YCVqmK6UcCQ&sign=90a4e440897623c7cd0b2b80a97c267e

Response:

{
"ClientId":"AAIgx9VcFh2YCVqmK6UcCQ",
"CpOrderId":"2a4d91f8483f47b9ac1a4f9000d5a54a",
"ProductId":"iap._f3f3f",
"ChannelType":"APTOIDE",
"Currency":"APPC",
"Amount":"0.1",
"Country":"HK",
"Quantity":1,
"Rev":"0",
"Status":"SUCCESS",
"PaidTime":"2019-06-12T03:59:42Z",
"Extension":"unity://unity3d.com?cpOrderId=2a4d91f8483f47b9ac1a4f9000d5a54a\u0026payload=payload2"
}

Receiving callback notifications

After a purchase succeeds, if you have specified a callback URL, the UDP server notifies the game server with the payment result. Implement an HTTP GET request and accept the following query parameters:

Attribute Name	Format	Required/Optional	Description
payload	Json String	Required	The contents of the purchase order. See more in Json payload.
signature	String	Required	The PKCS1 v1.5 signature of the payload

Using the certificate

You can verify the certificate using the Unity Client RSA Public Key. If the certificate passes verification, extract the RSA public key from the certificate and use this key to verify the signature. The signature is generated by encrypting the payload with the by RSA-SHA1 algorithm.

Here is an example：

Public key:

MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4qxbtUqsrvwk2FZ+F2J0EkUDKLdZSVE3qPgxzKxOrgScGrCZULLav9CPzRP91HN9GccvmShH2bsegP3RVtMdwU1eV7C2JdOW1sylCyKIgylCT8tLdQeUMRaIlt7fOfl+k3bkUouWJx8WnrQYM6a7oDeCGklIlekvpQ2NcS1eg7Jp646vBzyu8FMBiuj5LZOhCJg/XXs0kRpvSOBAPndUu/HgqD9aFaXNZBxMN++efxq6PnAVRzRdTtRur+OZSBGjXxgaBKrdbXCkEM3fkMgXP9egq6vnzCiQhZ7UDFXtXQ3DPqviqrTY5WsR9t4X6JxCXo6yGlQAEK/ft9MWN13nrQIDAQAB

Request body:

{
    "signature": "swWWZpg0/Y26XBohvqqC/for4nyhS5zwzru5s8AJI7YYC+ECHOk7KQjOyFw7cWxM3QNpd7N7E7Umy3vYwDXjV2Y4BLnuJy5gGIpO5jKU4xBNQf793FmI0Fk93YrU31QyiIjXymg1O/H1nKSJXqMz6bycBugiStqsuGp1/CctTHE0Dpv4hC6fZoNWIHYpPJQuKh4DyP1lgE32omcuKUh7IAQduRPDa+qiYJRCA8bV17xK6T8ajS3RlhKue9hjE2a21t8p017ViaOS5OWdzptUwgnWaFi6gs1k0cjdn7o/0QJEgk5j6a8WYE/S8F7YfsYcAwUQV4KY3ex0ULsH3GQEGA==",

    "payload": "{\"ClientId\":\"Q_sX9CXfn-rTcWmpP9VEfw\",\"CpOrderId\":\"0bckmoqhel5yd13f\",\"ProductId\":\"com.mystudio.mygame.productid1\",\"ChannelType\":\"APTOIDE\",\"Currency\":\"APPC\",\"Amount\":\"1.01\",\"Country\":\"CHINA\",\"Quantity\":1,\"Rev\":\"0\",\"Status\":\"SUCCESS\",\"PaidTime\":\"2018-09-28T06:43:20Z\",\"Extension\":\"{\\\"key\\\":\\\"value\\\"}\"}"

}

A code sample showing how to verify the certificate in Go:

func verify(data []byte, publicKey string, sign string) bool {

   decodePublic, err := base64.StdEncoding.DecodeString(publicKey)

   if err != nil {

       panic(err)

   }

   pubInterface, err := x509.ParsePKIXPublicKey(decodePublic)

   if err != nil {

       panic(err)

   }

   pub := pubInterface.(*rsa.PublicKey)

   decodeSign, err := base64.StdEncoding.DecodeString(sign)

   if err != nil {

       return false

   }

   sh1 := sha1.New()

   sh1.Write(data)

   hashData := sh1.Sum(nil)

   err = rsa.VerifyPKCS1v15(pub, crypto.SHA1, hashData, decodeSign)

   if err != nil {

       return false

   }

   return true

}

Here is the content of a JSON payload:

Attribute Name	Format	Required/Optional	Description	Example
cpOrderId	String	Required	The unique order identifier assigned by your game.	0bckmoqhel5yd13f
status	String	Required	Indicates the status of the order.	SUCCESS
amount	String	Required	Specifies the amount of money that the order cost.	1.01
productId	String	Required	Specifies the unique identifiers of the products that belong to the order.	com.mystudio.mygame.productid1
payTime	ISO8601 yyyy-MM-ddThh:mm:ssZ, UTC timezone	Required	The time when the order was paid.	2018-09-28T06:43:20Z
country	ISO 3166-2	Required	The country where the order was paid.	CHINA
currency	ISO 4217 or cryptocurrency type	Required	The currency of the country where the order was placed.	APPC
quantity	Integer	Required	The number of products in the order.	1
clientId	String	Required	The unique client identifier that is returned after your game generates a client in Unity IAP.	Q_sX9CXfn-rTcWmpP9VEfw
extension	String	Optional	The developer payload which is used to contain reference information for developers.	"{"key":"value"}"