Do we still need to create some kind of control within Fusion to check if the in app purchase made is legitimate?

There are some old threads here for example talking about "developer payload" which I understand from google is not needed now a days. But google do suggest using some sort of control if I understand it correctly.

If we still need some control do we use the "token" to do it?

Any examples on how I can go about accomplishing this?

All suggestions much appreciated.