I am building a Google checkout system. It works perfectly. I want to add an additional step to verify that the API notifications coming are from google and that the transaction is valid.
I can do curl notification-history-request on a 100% valid and charged transaction and it still comes back with the Financial Order State set to "Reviewing" when the transaction should say charged. Is there anyway to get it to tell me what it has charged?
Actually, its not 2 questions.
$fields = array(
'_type' => 'notification-history-request',
'order-numbers.google-order-number-1' => 'ORDER_ID',
'notification-types.notification-type-1' => 'charge-amount',
);
That solves the issue. This way allows you to call google and ask if the transaction notification is 100% valid in PHP. It is possible to access your incoming API page and inject the information for a transaction. So, before you ship out everything you should ask google if it is valid AND if it has been paid for. Even if you have received the new-order-notification, risk-information, and order-state-change.