How to: Configure an IAP Verification Endpoint

Begin by configuring a verification URL in your dashboard. The app will POST a JSON object such as the following to the URL you configured:

Google Play purchase example JSON:

{
    // the userIdentifier you passed via Javascript
    "userIdentifier": "user123",
    // your app's ID (only relevant if you have multiple apps using the same verification endpoint)
    "appId": 1234,
    "purchaseDetails": {
        "verificationData": {
          "serverVerificationData": "abcdefghijklmnopqrstuvwx.AO-J1Oyabcdefghijklmnopqrstuvwxyz123456789_-abcdefghijklmnopqrstuvwxyz123456789_-abcdefghijklmnopq",
          // the "autoRenewing" property in localVerificationData is only sent if the product is a subscription
          "localVerificationData": "{\"orderId\":\"GPA.1234-1234-1234-12345\",\"packageName\":\"example.package.name\",\"productId\":\"exampleProductId\",\"purchaseTime\":1643389081662,\"purchaseState\":0,\"purchaseToken\":\"abcdefghijklmnopqrstuvwx.AO-J1Oyabcdefghijklmnopqrstuvwxyz123456789_-abcdefghijklmnopqrstuvwxyz123456789_-abcdefghijklmnopq\",\"autoRenewing\":true,\"acknowledged\":false}",
          "source": "google_play"
        },
        "productID": "consumable",
        "purchaseID": "GPA.1234-1234-1234-12345",
        // can also be "restored" if triggered by a call to restorePurchases()
        "status": "purchased",
        "transactionDate": "1643389081662"
      }
    }
}
    

App Store purchase example JSON:

{
  // your app's ID (only relevant if you have multiple apps using the same verification endpoint)
  "appId": 1234,
  // the userIdentifier you passed via Javascript
  "userIdentifier": "user123",
  "purchaseDetails": {
    "verificationData": {
      "serverVerificationData": "veryLongBase64String",
      "localVerificationData": "veryLongBase64String",
      "source": "app_store"
    },
    "productID": "consumable",
    "purchaseID": "123",
    // can also be "restored" if triggered by a call to restorePurchases()
    "status": "purchased",
    "transactionDate": "1644239123000"
  }
}
    

Then, based on the source, you need to verify the purchase with Google Play (if source==google_play) or with the App Store (if source==app_store).

Afterwards, if the purchase is valid, you should grant the user access to the purchased product.

You will mainly need the userIdentifier (which is the string you passed when you called makeInAppPurchase in your website's Javascript) to determine who to unlock the products for and the productID to determine what product to unlock for the user.

After an in app purchase - especially a subscription - was made, you will need to listen to any changes that get made to it. For example you will be notified when a subscription was canceled or an in app purchase was refunded, so you can then revoke the benefits the user gets from the subscription.

• Configure Real-time developer notifications for Google Play
• Enabling App Store Server Notifications

Finally, return a 200 status code and this JSON, so the app can confirm the purchase:

{
    "complete_purchase": true
}
    

Or, if the purchase is invalid, return a 200 status code and this JSON, in which case the app won't confirm the purchase:

{
    "complete_purchase": false
}
    

If you don't return a 200 status code, the app will try to repeat the request. If the app is unable to get a response indicating that the purchase was verified, it will not confirm the purchase. This will lead to the purchase being automatically refunded in 3 days (if it actually was valid).