How to: Configure a Custom IAP Verification Endpoint

Posted on 2. February 2022 by Jan Bunk


Setting up your own verification endpoint is a bit complicated, so unfortunately we don't have the capacity to write a fully detailed step by step guide on how to do it. We will however point out the main steps in this guide.

The app will POST a JSON object such as the following to your verification endpoint:

Google Play purchase example JSON:


{
    // the userIdentifier you passed via Javascript
    "userIdentifier": "user123",
    // your app's ID (only relevant if you have multiple apps using the same verification endpoint)
    "appId": 1234,
    "purchaseDetails": {
        "verificationData": {
          "serverVerificationData": "abcdefghijklmnopqrstuvwx.AO-J1Oyabcdefghijklmnopqrstuvwxyz123456789_-abcdefghijklmnopqrstuvwxyz123456789_-abcdefghijklmnopq",
          // the "autoRenewing" property in localVerificationData is only sent if the product is a subscription
          "localVerificationData": "{\"orderId\":\"GPA.1234-1234-1234-12345\",\"packageName\":\"example.package.name\",\"productId\":\"exampleProductId\",\"purchaseTime\":1643389081662,\"purchaseState\":0,\"purchaseToken\":\"abcdefghijklmnopqrstuvwx.AO-J1Oyabcdefghijklmnopqrstuvwxyz123456789_-abcdefghijklmnopqrstuvwxyz123456789_-abcdefghijklmnopq\",\"autoRenewing\":true,\"acknowledged\":false}",
          "source": "google_play"
        },
        "productID": "consumable",
        "purchaseID": "GPA.1234-1234-1234-12345",
        // can also be "restored" if triggered by a call to restorePurchases()
        "status": "purchased",
        "transactionDate": "1643389081662"
      }
    }
}
    

App Store purchase example JSON:


{
  "appId": 1234,
  "userIdentifier": "user123",
  "purchaseDetails": {
    "verificationData": {
      "serverVerificationData": "veryLongBase64String",
      "localVerificationData": "veryLongBase64String",
      "source": "app_store"
    },
    "productID": "consumable",
    "purchaseID": "123",
    // can also be "restored" if triggered by a call to restorePurchases()
    "status": "purchased",
    "transactionDate": "1644239123000"
  }
}
    

Then, based on the source, you need to verify the purchase with Google Play (if source==google_play) or with the App Store (if source==app_store).

Afterwards, if the purchase is valid, you should grant the user access to the purchased product. More info on unlocking purchased products

Finally, return a 200 status code and this JSON, so the app can confirm the purchase:


{
    "complete_purchase": true
}
    

Or, if the purchase is invalid, return a 200 status code and this JSON, in which case the app won't confirm the purchase:


{
    "complete_purchase": false
}
    

If you don't return a 200 status code, the app will try to repeat the request. If the app is unable to get a response indicating that the purchase was verified, it will not confirm the purchase. This will lead to the purchase being automatically refunded in 3 days (if it actually was valid).