How do we verify Android in-app billing receipt on the server side?

Asked 5/12, 2011 at 10:57 Answered 31/5, 2016 at 15:6

Solved android in-app-purchase google-checkout in-app-billing

I am implementing in-app billing into an Android game and we want to use a server to store the purchase information.

According to what I understood so far, Android Market will return a callback to the app in the form of Broadcast receiver about the purchase status. But since we are persisting the transaction information on the server, my app has to make some http post request and update my server. There is a very high chance that this http post request could be imitated by some hacker manually. How do I validate that Android market receipt information from my server code?

Is there any Google checkout callback to my server available? Or is there a way to validate the IAB response provided by the http client is genuine and it is a purchase done in my app only!

On the Apple IOS IAP process, they have a validate web API @ https://sandbox.itunes.apple.com/verifyReceipt for which we can pass

req.method = URLRequestMethod.POST;
req.data = "{\"receipt-data\" : \""+ t.receipt +"\"}";

and it says if the receipt is proper or not. Do we have something like that for Android?

Honestly answered 5/12, 2011 at 10:57 Comment(0)

Update: You can use the getPurchases() method to retrieve "un-consumed" purchases, as explained in the developer docs:
http://developer.android.com/google/play/billing/billing_reference.html#getPurchases

Original Answer (now out of date)

The Google Checkout API is deprecated. You should now use the Purchase Status API.

If you plan to use the Purchase Status API, the link above mentions these limitations:

You can use the API to check the status of individual items only — bulk requests for order status are not supported at this time.
You can query for the details of orders placed on or after 12 June 2013, but not for orders placed earlier.
You can query purchases of any item type made with the In-app Billing v3 API, or purchases of managed items made with In-app Billing v1 and v2. You can not use the Purchase Status API to query purchases of unmanaged items made with In-app Billing v1 or v2.

Kermie answered 2/7, 2013 at 23:35 Comment(2)

the link is gone, it just redirects to developer.android.com/google/play/developer-api.html#overview – Jemison 15/11, 2015 at 9:19

Thanks, I've updated the answer so that hopefully it is a bit more current. – Kermie 17/11, 2015 at 14:24

EDIT: this answer is obsolete, see Dan J's answer.

There's no callback, but Google Checkout has an API. Your answers are here.

Jagged answered 4/2, 2012 at 22:4 Comment(1)

This answer is obsolete, and Dan J is right. May the OP accept that one. – Jagged 20/8, 2013 at 0:27

This is an old post, but I hope to help others.

There is a way to validate purchases from server side, you have to use this rest API.

https://developers.google.com/android-publisher/api-ref/purchases/products/get

Balky answered 31/5, 2016 at 15:6 Comment(0)

Recommended topics

Hot tags