I'm building a backend to an Android app with In-App Billing. Google recommends setting a unique developer payload for verifying purchases.
I'm planning to generate this payload on device at the time of purchase and store it on my backend server for validation later or if the user logs in on another device.
For additional verification, I'd like to have the server verify the token at the time it receives it to (a) ensures it is valid and (b) is tied to the user I think it is. Does Google provide an API for this, or can we only verify in the Android app?
