Implementing Promo Codes for In-app purchases

[jaygummers]

Hi, this thread is not related to a game but rather a website that offer promo codes for games. Since most of you are developers, I thought this would be a relevant place to ask the question. 

 

Now, I am creating a website that offers promo codes for console games but for registered users only. So far the development is good but I am having trouble creating the frontend of the generator. The backend is based on JavaScript and looks like this - 

function makeId(length) {
  var text = "";
  var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
  for (var i = 0; i < length; i++)
    text += possible.charAt(Math.floor(Math.random() * possible.length));
  return text
}

Can anyone help me out? 

[mattstyles]

Not sure what you mean by frontend of the generator?

There are two parts (right?), the user wants to get a code, the user wants to enter a code.

Get

Client hits a service endpoint, service runs that code snippet (or whatever) to generate the code, puts it in persistent storage somewhere, and returns it to the user.

Job done right?

Use

Client hits a service endpoint to use the code, service checks the persistent storage, if found it deletes it from storage and passes a success to client, if not found then returns an error state to the client.

 

Then you have the fun of checking malicious users/bots aren't trying to exploit your system, but that's additional to the base logic of creating and consuming random strings.

There is normally an additional use case, which is 'User has forgotten their code and requests it again', this is trickier to shield against abuse, but would mean storing the generated promo code string alongside some sort of ID that represents that user. This is easier for registered users as you probably have a key, mostly the concept of a guest is with an identifier (i.e. email) so its ok, for totally random users you have no way to identify them when they return.

The case above is for a one-time use code, you might also support multi-use codes i.e. the sort you find on promo sites that can be used by multiple users (e.g. get £5 a pizza from your local pizza place). Multi-use codes are trickier as they persist longer, but storing them with a count of uses or an expiry timestamp usually solves it cleanly enough, again, exploitation can be trickier to protect against as you have to think about whether a user can use the same code multiple times, usually this is acceptable but not for the same transaction.

What you absolutely do not want to do is generate codes on the client, but I don't think you're suggesting that anyway, others might be tempted though, do not be tempted!.

[jaygummers]

By the front end, I meant the HTML & CSS of the generator. I am not that great at designing it for my promo codes site. That's why I asked it in the front place. 

Also, if you could elaborate more on multi-use codes, then it'd be great. 

Thanks. 

[mattstyles]

Multi-use codes are the sort of thing you used to find in newspapers where one code can be used by multiple people. I suspect sites like https://www.vouchercodes.co.uk/ work the same, although if they work with anonymous users they might push out individual codes, but I doubt it, not for all their codes anyway.

I work for an ecommerce company and we push codes out to our consumers, I don't think we do anymore, but we used to do a mailshot and even though we knew who they going to, they're all the same code. There may have been other use-cases for multi-use codes.

It gets tricky because you don't want the same code applied multiple times to the same transaction, which is usually easy, but, you may want it once per user (most don't, you can reuse the same code if you transact multiple times), its only tricky because it has to be tied to a user. Most checkouts require an email/id, so that can be used to tie up the code to the user.