Tech Hub
A Developer’s Guide to Verify In-App Purchase
May 15, 2022
Posted by: Rahul Upadhyay
Disclaimer: Helpful document for the coder.
Objective
Verify In-App purchase/subscription from Google Play Store and Apple Store
Requirements
- Apple IAP Verification: Apple shared secret
- Google IAP Verification: Service Account Key file (JSON file)
- Key factors: Expertise & Patience
RESTful APIs
Purchase subscription/product
This will be the first API call from the mobile app to send the purchase details to the backend.
|
Parameters |
|
|
item_id |
|
|
receipt |
iPhone should pass the receipt_data and the Android should pass the purchase_token |
|
platform |
Either “google” or “apple” |
|
is_renewable |
Optional parameter for Android only. iPhone devices can skip this parameter. 1 = True, 0 = False |
Now, let’s understand the flow by following the sequence diagram
Verify Purchase
This will be another API call from the mobile app to verify the purchase period and the Backend is checking this on daily basis with the CRON (The CRON is a software utility, offered by a Linux-like operating system that automates the scheduled task at a predetermined time.)
Now, let’s understand the flow by following the sequence diagram:
Verify on Google
When the “platform” is “google”, the backend needs to verify the purchase token stored in the key “receipt”. To do so, the backend team needs the Service Account JSON file to communicate with the Google Play Developer API. To get the purchased details and to verify it, you have to check, if you are checking for product purchase or subscription purchase.
Requirements:
- Service Account JSON file | How to get one? Please refer to this document.
- Authorization Scope: Requires the following OAuth scope to verify purchases.products or purchases.subscriptions:
- URL:
http://accounts.google.com/o/oauth2/token - Scope:
http://www.googleapis.com/auth/androidpublisher - Check this blog to know how to get an access token.
- URL:
purchases.products
Note: The URL uses gRPC Transcoding syntax.
Checks the purchase and consumption status of an in-app item.
HTTP request
GET
purchases.subscriptions
Checks whether a user's subscription purchase is valid and returns its expiry time.
|
Parameters |
|
|
packageName |
|
|
productId |
The package name of the application the in-app product was sold in (e.g., 'com.devdigital.app.tier1.package1'). |
|
subscriptionId |
The purchase subscription id (e.g., 'com.devdigital.app.tier1.monthly') |
|
purchaseToken |
The purchase token stored in the database by the user |
|
accessToken |
The access token generated with OAuth Steps |
This is what subscription response looks like,
Verify on Apple
When the “platform” is “apple”, the backend needs to verify the receipt-data stored in the key “receipt”.
Requirements:
- Apple Shared Secret | How to get one? Please refer to this document
verifyReceipt
Send a receipt to the App Store for verification HTTP requests.
HTTP requestSandbox URL: http://sandbox.itunes.apple.com/verifyReceipt
Production URL: http://buy.itunes.apple.com/verifyReceiptMethod: POSTHTTP Body: requestBodyResponse Codes:200 - responseBody
References
Apple IAP verification:
- Sandbox API endpoint:
http://sandbox.itunes.apple.com/verifyReceipt - Production API endpoint:
http://buy.itunes.apple.com/verifyReceipt
Google IAP verification:
- OAuth URL:
http://accounts.google.com/o/oauth2/token - Scope:
http://www.googleapis.com/auth/androidpublisher - Android Product Purchase
- Here service account access token should be derived from the OAuth URL and Scope. The service account key file (.json) have all the necessary details.
- Android Subscription Purchase
more...
Back