DeveloperPayload is just another way to make the entire purchase process safer.
If it is not implemented, you are no longer checking to see if the request is true. Would it be letting a user (using hack?) Buy multiple items from your app without paying you, for example.
How does it work?
When you start the in-app purchase process, you create a payload, which must be different for each user, but not different for each device (because if a user makes a purchase on a device, he has to be able to retrieve that purchase on another device). Using a random string is also not legal, for the same reason of the change of apparatus.
The verifyDeveloperPayload () method is used to verify that the payload that came from the request is the same as the one you used to start the request.
It is recommended to use your own server to store this information, regardless of the version of the app or the device used, you can check if the payload is correct.
If you'd like to read more about this:
link