Also, their security is ponderous. Paypal's was pretty simple. You'd get a notification from Paypal that somebody's buying something. In that notification, they'd send you a bigass random string as a token. You'd then send that token back to Paypal as your way of saying "did you really send this order to me?". If it send you back "VERIFIED", then the order was indeed sent from Paypal and not from someone trying to fake out your processing code.
Google Checkout wants everything in XML and encrypted. I could probably write the encryptor in ActionScript, but I took the easy way out and sent my cart-contents to some PHP code that'd send it along to Google, as Google already had the stuff written out in PHP as a sample app. I used the PHP CURL stuff so that I could transparently massage my shopping cart into something google-friendly and then send it to 'em.
Biggest problem now is how Google sends me back the verification that the charge happened. It's similar to Paypal in that there's a little piece of back-end code you write. And, unlike Paypal, Google sends you the stuff as XML rather than a CGI post, as that makes things needlessly complicated.
The hassle is how Google sends you stuff. Basically everything gets sent separately. I'll get stuff like this. . .
"Hey codezone. User firstname.lastname@example.org wants to buy item PP1 for $9.95. I'm calling it transaction number 1344."
This is pretty-much all I need to verify and send you a game. But I can't send it to you yet. All that means is that someone INITIATED a transaction. Not that the transaction went through.
A few seconds later, google will call me again to say. . .
"Hey codezone. Transaction number 1344 is now set to chargeable."
That means that I'll be getting my money, so this is the important notification. Unfortunately, this notification doesn't tell me what the user bought. It only tells me the order number and that the status has changed. That means that I have to save the first transaction above somewhere and just wait until its status changes.
IIRC, Paypal does the same thing, but paypal sends along all of the item numbers and prices again. That way I can ignore the first packet entirely because, frankly, I couldn't much care if someone starts to buy something and then doesn't finish.
So basically I'm gonna need to store partially completed transactions.