Hi, Firstly I would like to say that I know nothing about this what so ever and I wouldn't even know where to start to look (apart from here of course). My scenario is that as of next week I will be deploying my Smartphone web apps to a Linux Server ready for sale. I want to use gumroad webhooks (https://gumroad.com/webhooks) to carry out the administrative side of things but have been advised that I need to create some server side logic for security reasons first. This is what I've been advised to do: (I'd welcome any other Input)
1. You have the user create a username and password for your application if they want to purchase (stored server-side).
2. After the ID is created, you send them over to gumroad to purchase (including a user ID).
3. If the purchase is successful, gumroad contacts your server with the user ID.
4. The server marks that user as authorized/purchased. At this point, what you return to gumroad doesn't matter, as long as it gets the user back to your app.
5. The user logs in, and their account is now authorized.
As you can see, it's going to require a bit of server side authorization if you don't want people to be able to re-use licenses.
If someone could point me in the right direction for examples on procedures and coding that would be much appreciated