# Overview

To grant entitlements securely, validate purchases on your **backend** rather than trusting the client alone. OnsideKit produces a signed transaction history that your server verifies against the Onside Merchant API.

Validation has two parts:

1. **On the client** — get a signed (JWS) in-app purchase history from OnsideKit and send the relevant order ID (and optionally the JWS) to your backend. See [Signed In-App Purchase History](/sdk/purchase-validation/signed-in-apps-history.md).
2. **On your backend** — query the Onside Merchant API for the order, verify the signed response, and grant entitlements. See [Backend Validation & Merchant API](/sdk/purchase-validation/merchant-api.md).

## Flow

```mermaid
sequenceDiagram
    participant App as Mobile App
    participant SDK as OnsideKit
    participant Backend as Publisher Backend
    participant API as Onside Merchant API

    App->>SDK: Request signed history
    SDK->>App: Return signed JWS
    App->>Backend: Send order ID (and JWS)
    Backend->>Backend: Generate Merchant JWT
    Backend->>API: GET /history/{order_id}
    API->>Backend: Return signed transaction details (JWS)
    Backend->>Backend: Verify JWS (Onside public key)
    Backend->>Backend: Grant entitlements
    Backend->>App: Confirm validation
```
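The last two backend steps of the flow ("Verify JWS" and "Grant entitlements"), as an added example that is not Onside's code. It assumes an ES256-signed compact JWS and hypothetical payload fields (`order_id`, `status`), and uses a locally generated key pair as a stand-in for the Onside public key.

```javascript
const crypto = require('node:crypto');

const b64u = (data) => Buffer.from(data).toString('base64url');
const fromB64u = (s) => Buffer.from(s, 'base64url');

// Verify a compact JWS against a pinned key and a pinned algorithm (ES256 assumed).
function verifyJws(jws, publicKey, expectedAlg = 'ES256') {
  const parts = String(jws).split('.');
  if (parts.length !== 3) throw new Error('malformed JWS');
  const [h, p, s] = parts;
  const header = JSON.parse(fromB64u(h).toString('utf8'));
  // The verifier chooses the algorithm, never the token ("none", HS256, ...).
  if (header.alg !== expectedAlg) throw new Error('unexpected alg');
  const valid = crypto.verify('sha256', Buffer.from(`${h}.${p}`),
    { key: publicKey, dsaEncoding: 'ieee-p1363' }, fromB64u(s));
  if (!valid) throw new Error('bad signature');
  return JSON.parse(fromB64u(p).toString('utf8'));
}

// Grant only when the verified payload names the order that was requested.
// `order_id` is a hypothetical field name, not taken from the Onside docs.
function validateOrder(requestedOrderId, jws, publicKey) {
  try {
    const payload = verifyJws(jws, publicKey);
    if (payload.order_id !== requestedOrderId) return { ok: false, reason: 'order mismatch' };
    return { ok: true, payload };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}

// Constructed fixtures: a local P-256 key pair stands in for the Onside signing key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
function signJws(payload, header = { alg: 'ES256' }) {
  const input = `${b64u(JSON.stringify(header))}.${b64u(JSON.stringify(payload))}`;
  const sig = crypto.sign('sha256', Buffer.from(input), { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${input}.${b64u(sig)}`;
}

function demo() {
  const good = signJws({ order_id: 'order-A', status: 'paid' });
  const [h, , s] = good.split('.');
  return {
    genuine: validateOrder('order-A', good, publicKey),
    replayedOtherOrder: validateOrder('order-B', good, publicKey),
    tampered: validateOrder('order-B', `${h}.${b64u('{"order_id":"order-B"}')}.${s}`, publicKey),
    algNone: validateOrder('order-A', `${b64u('{"alg":"none"}')}.${b64u('{"order_id":"order-A"}')}.`, publicKey),
  };
}
console.log(demo());
```

Only the `genuine` case is accepted; a validly signed response for a different order is rejected just like a forged one, which is why the order ID is compared after signature verification and not before.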

## Prerequisites

To call the Merchant API, obtain a **Merchant ID**, a **Merchant Secret**, and a **Secret Key ID (`kid`)** from the Onside Manager. These enable secure server-to-server authentication.

## Next

* [Signed In-App Purchase History](/sdk/purchase-validation/signed-in-apps-history.md) — the client side
* [Backend Validation & Merchant API](/sdk/purchase-validation/merchant-api.md) — the server side


