Possible error in IAP S2S API documentation

Question

In the IAP S2S API documentation ( https://developer.oculus.com/documentation/unity/ps-iap-s2s/ ), it says we need the app access token and the app id to verify entitlement of purchased items, which does not contain any user identification information.

curl -d "access_token=OC|$APP_ID|$APP_SECRET" -d "sku=$SKU" https://graph.oculus.com/$APP_ID/verify_entitlement

I tested the API endpoint with several combination of data, and it seems we need to send the user access token instead of the app access token to check entitlement (the response says DUC related document should be filed beforehand, which is expected).

I would like to clarify two things:

1. Should we send the user access token to the IAP S2S API to verify entitlement of an item?

2. If 1 is correct, should the secure server acquire user access tokens from game clients?

Thanks in advance.

Wang_Shi · Answer

yes, it is wrong, and I tried this like below, it works:

curl -d "access_token=OC|$APP_ID|$APP_SECRET" -d "sku=$SKU" -d "user_id=$user_id" https://graph.oculus.com/$APP_ID/verify_entitlement

the request must post user id.

Forum Discussion

🚨 This forum is archived and read-only. To submit a forum post, please visit our new Developer Forum. 🚨

Possible error in IAP S2S API documentation

1 Reply

Quick Links

Other Meta Support

Related Content

Best way to report documentation errors

FAIL_FORBIDDEN_PERMISSION Developer Hub error READ_PHONE_STATE Error

Missing Documentation: GLTF Extension support

Error message

OVRPlugin.SpatialEntityAnchorCreateInfo reference documentation