Suppose that I want to give to users of my site the option to pay for a service and use it later.
I am thinking to generate a unique ID for the paid service. I want to be able to trust the ID to decide if the user has paid the service or not but I do not want to store anything on the servers because the ID should have all the information that I need.
How long should the ID be to ensure that nobody would be able to forge one without paying ?
Are there best practices to generate this ID ?
Do you think that it would be possible to store the ID on a QR? It seems that the QR becomes too big when you try to store, for example, 1024 characters.