How to fix the t shirt purchase exploit for donation games

here are two endpoints i think worth exploring to resolve this issue. can update…
/v1/groups/{groupId}/revenue/summary/{timeFrame} (but this might not be valid if purchase is pending)
/v1/groups/{groupId}/transactions
Roblox-Apis/Documentations/economy.roblox.com.md at main · NoTwistedHere/Roblox-Apis (github.com)

1 Like

Yes they can send the remote themselves however when a user clicks it you can send a remote with the id of whatever they’re buying. Then detect if they bought it or not. Remove the id. If there is another id sent through but it doesn’t equal the bought one which you can check from the callback then do nothing

2 Likes

How long before the cache expires, or is it not known/unreliable?

2 Likes

i’m not sure what you mean by this. how would you detect if they purchased. there’s purchaseFinished which won’t work for this.

1 Like

i do not know exactly but i would say too long.

1 Like

purchased finished would work for this? How would it not

2 Likes

purchase finished occurs when you press okay. not when you press buy.
press buy roblox takes the price.
press okay game server takes the price.

1 Like

This works for non exploiters. But what we have to realize is that purchase prompting is all done on the client. Even if you call it from the server, it’s the client that has to handle the prompting. This means in theory using an exploit you can delay the prompts, remove it, or whatever. And the server would not know. All the server knows is when it attempted to send the prompt and when the prompt is finished which only fires after the client presses “OK”.

2 Likes

A solution here which Roblox has already incorporated for DevProducts is a purchase receipt that tells you everything including the price a product was bought at. This would literally eliminate any possibility for this exploit to occur.

7 Likes

Ok so here is another solution.

You get the user’s items and store them in a table somewhere

When they press the button you call a remote event which passes the gamepass id and the target player

you check the id against the target’s gamepasses if they have it all good otherwise just return

You get the cost with marketplace service

Wait for an event from the client with if they bought it or not and the bought id.

check the target players gamepasses again

if the id is the same as the last one and the price is the same we run whatever code

otherwise just run the code if it was the previous price

2 Likes

can’t rely on remote event for this. unless we were able to use something like getProductInfo in a loop on the server but the price on that doesn’t hold true.

1 Like

I think this has potential for a different exploit, where a user can create an item with an insane price, join the game to get the price cached, then change the price and someone else buys the now-cheap item, yet the game records the insane price, because everything else, except for the price, matches.

Easy to add some price checks, but their success rate depends on how frequently GetProductInfo() cache expires.

Also, this exploit requires two people/accounts, so a bit more effort.

2 Likes

receiptInfo already tells you the amount of Robux spent. All of you guys are overcomplicating this.

You can access it by using receiptInfo.CurrencySpent.

2 Likes

that’s for dev products, and to my knowledge nothing like it exists for t shirts

2 Likes

Ohhh, I understand now. Sorry for the miscommunication.

2 Likes

this seems to be the best way i have found at the moment. get the pending robux for the group. i’m assuming to put this on an interval or if that’s too much then just update it before and after purchases i guess, not sure. and then after they press okay for the purchases get the pending robux again and verify price of t shirt with pending difference.

endpoint: /v1/groups/{groupId}/revenue/summary/{timeFrame}

2 Likes

i have updated the post with more information surrounding this matter. any information or help regarding this topic will be much appreciated. let’s work together.

1 Like

it is a shame if there is something you know that we don’t and are unwilling to provide any further assistance. no other developer community does this because it’s simply immature. that being said, i think what we’ve gathered will be enough to prevent these exploiters from abusing the in game economy.

4 Likes

i believe i’ve solved this. will update if i come across any issues but i do not think there will be any. here are the steps

  • i make a request to my own api with the queries playerName, assetId, and isPending
  • if isPending i activate a while loop for the specific player and make a request once per second using the economy endpoint to get asset details
  • i store every response into an array of the player
  • i make a second request with the query isPending=false, i make a copy of the array of prices associated with the player and clean up then send it as the response (the screenshot i sent)

if anyone can think of any issues with this please let me know. i’ve tested and it works.

2 Likes
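
Added example, not part of any post in this thread and not the poster's own API: a JavaScript sketch of the price-sampling service described in the steps above. `PriceWatch`, `fetchPrice` and `settle` are hypothetical names, `fetchPrice` stands in for the economy endpoint call, and crediting the lowest price seen during the pending window is an assumed policy the thread does not specify.

```javascript
// Tracks the asset price for one player while a purchase prompt is pending.
class PriceWatch {
  // fetchPrice: async (assetId) => integer Robux price (assumed wrapper around
  // the economy endpoint; injected so the class can be exercised offline).
  constructor(fetchPrice, intervalMs = 1000) {
    this.fetchPrice = fetchPrice;
    this.intervalMs = intervalMs;
    this.sessions = new Map(); // playerName -> { assetId, prices, timer }
  }

  // isPending=true: start sampling once per interval for this player.
  start(playerName, assetId) {
    this.finish(playerName); // only one pending session per player
    const session = { assetId, prices: [], timer: null };
    session.timer = setInterval(async () => {
      try {
        this.record(playerName, await this.fetchPrice(assetId));
      } catch {
        // a failed lookup is skipped; an empty window is flagged in settle()
      }
    }, this.intervalMs);
    this.sessions.set(playerName, session);
  }

  // Store one sample; reject anything that is not a non-negative integer.
  record(playerName, price) {
    const session = this.sessions.get(playerName);
    if (session && Number.isInteger(price) && price >= 0) {
      session.prices.push(price);
    }
  }

  // isPending=false: stop the loop, copy the samples, clean up, respond.
  finish(playerName) {
    const session = this.sessions.get(playerName);
    if (!session) return null;
    clearInterval(session.timer);
    this.sessions.delete(playerName);
    return settle(session.assetId, [...session.prices]);
  }
}

// Decide what the game server should credit for the window (assumed policy):
// the lowest observed price, flagged when the price moved or nothing was seen.
function settle(assetId, prices) {
  if (prices.length === 0) return { assetId, prices, credit: 0, suspicious: true };
  const credit = Math.min(...prices);
  const suspicious = new Set(prices).size > 1;
  return { assetId, prices, credit, suspicious };
}
```

The samples only bound what was observed at each tick, so comparing the credited amount with the change in the group's pending Robux, as suggested earlier in the thread, is a useful second check.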
