Currently the only API we have available for detecting when a third party asset is purchased is with the MarketplaceService.PromptPurchaseFinished
signal. Unfortunately this API is exploitable because it is based on what clients report to the server.
My team is having trouble with this because two of our games use a donation system which tracks purchases of classic clothing items and players’ gamepasses. There are two main problems:
-
We need to manually check if a purchase actually got processed successfully by Roblox using
MarketplaceService:PlayerOwnsAsset()
andMarketplaceService:UserOwnsGamePassAsync()
, but these are not ideal because they’re an extra point of failure and potential source of delays. -
The price of a purchase also cannot be verified. We can query the current price using
MarketplaceService:GetProductInfo()
but the result will be cached which makes it very easy to exploit and even if it wasn’t cached it’s not guaranteed to be the price that was used for the purchase. To avoid the caching we need to use the following APIs instead:https://apis.roblox.com/game-passes/v1/game-passes/GAME_PASS_ID/product-info
https://economy.roblox.com/v2/assets/ASSET_ID/details
Related: