I am testing out Google Checkout and have a question.
First I'll tell you what I am trying to do. My site is a digital service. Users will be able to purchase 'projects'. They will have options to buy 1, 5, 10, 25 &50 projects at a time. Each has their own price.
What I want to do is have either a cart or buy now button for each option and then send the user to Google checkout. Ideally, Google would then notify me and automatically my site will credit the user's account.
How is the best way of going about this? I know how to do the db stuff, and I now that I can place a link in the buy now button. However, if I place a link for the user to click on upon purchasing, they theoretically could just keep refreshing that link and adding more and more credits for free. I can't think of a way to prevent this.
I would like to send a unique key to the db, and set the status as 'pending' before sending the info to Google, but I don't know if or where to do that. Once the user has paid, then they would click the link and I would cross reference the key and change the status, thereby preventing any tampering.
I could also put a limit to the number of purchases in a given time period. Perhaps a day. You could only make one purchase in that given time period. I could track that easily, but I don't want to prohibit sales.
I think this is more of a 'logic' problem than a code problem. Am I not seeing a step that I could take?
I thought about using the API Callback URL, but it's universal and I don't even know if that is what it is for. How would I tell the Callback URL which option the user purchased?
Anybody been through this before?
Thanks for any and all ideas.