I’m looking into how to build in-app purchase/subscription into an app built from Vuo.
As far as I can tell, possibly the only way to do this would be to bundle some web app that is launched from
Execute Shell Command or
Fetch Data and talk to Stripe (etc). Wondering if anyone has ever tried anything similar in Vuo?
I’m thinking that I might be able to generate a UDID, open a web browser with with UDID. Have the user complete the transaction there, then email them some code they can type into my Vuo App to authorise.
It’s pretty far from the Vuo wheelhouse, so any tips, like “you’re crazy” would be appreciated.
It may be possible to do the client side of it with stock nodes —
Execute Shell Command and
Fetch Data as you mentioned, plus
Open URL in Browser,
Make Text Field,
You’d need some custom server-side code to present the Stripe payment form, receive the device identifier, and generate a license key.
I went with FastSpring for my first pass at this. FastSpring is abstracted a bit further higher than Stripe, and also is the ‘wholesaler’ which makes the business end a bunch easier.
Happy to share my learnings here if anyone is interested. In essence, My current setup basically punts all account creation etc to the FastSpring page. And asks user to enter their provide an email to Execute Shell Command to ‘Register’ which pulls down a license valid boolean. I’ll save this email to user prefs somewhere and check occasionally. Very, very not sophisticated Once I got my head around cURL, it’s actually only a handful of patches to accomplish in Vuo, which is great.
I’m putting a FastSpring account + password in the Shell Command, which I’m a bit concerned could be discovered in some method (cracking open .app, or watching shell commands somehow etc.)
Anyone may feel free to tell me I’m doing something incredibly stupid.
Yeah, you should try to secure that account info, since it would not be difficult to extract from the app. Some tips here: https://stackoverflow.com/questions/14570989/best-practice-for-storing-and-protecting-private-api-keys-in-applications
Thanks. I’m trying to map the advice in that (handy!) thread into things I can do in Vuo.
For example, rather than keeping the keys directly in a string which is fed to Execute Shell Command, I might create a more convoluted set of node that re-assembles the strings in some way from pieces before feeding to Execute Shell.
Is the log of Execute Shell Command visible to the outside world (outside of the executable, that is)?
Yes, it’s possible though not trivial. Someone could use tools like
ptrace to spy on the internal workings of the app (possibly after rebooting with System Integrity Protection disabled).
Thanks—I think for now that rules out the casual pirates.