Caching in-app purchase receipt validation certificates RRS feed

  • Question

  • In this documentation page, Microsoft recommends caching in-app purchase receipt validation certificates retrieved from their servers when performing receipt validation on the back-end. However, i think that some essential information is missing, namely:

    • since each certificate is given by an ID specified in the receipt, how many certificates should we expect to exist? Would their cumulative size be prohibitive for in-memory caching only?
    • cache invalidation: there doesn't seem to be any way to figure out if a certificate has been retired or has expired besides re-downloading the entire certificate, which then defeats the purpose of caching; can we thus expect that each certificate will always stay the same for all practical purposes, so once it's cached it never needs to be re-downloaded from MS servers?

    I'd greatly appreciate if someone from Microsoft could officially clarify these aspects, otherwise caching seems to risky to use when validating those paid receipts.

    Monday, October 7, 2013 8:46 AM

All replies