Confirm
1,158
edits
Changes
→Interaction with the verify URL
If the <tt>verify</tt> URL is present, the receiving party may verify it by issuing a POST request to it, where the message body contains the complete receipt. The return value of this request is a JSON object with fields:
* <tt>status</tt>: A string, containing one of the values "ok", "pending", "refunded", "expired" or "invalid".
Application-level authentication on the verifyURL request is not strictly required, as the possession of a receipt proves that the application is already part of a trusted message flow.
