Posted on 2. February 2022 by Jan Bunk
Setting up your own verification endpoint is a bit complicated, so unfortunately we don't have the capacity to write a fully detailed step by step guide on how to do it. We will however point out the main steps in this guide.
The app will POST a JSON object such as the following to your verification endpoint:
Google Play purchase example JSON:
{
// the userIdentifier you passed via Javascript
"userIdentifier": "user123",
// your app's ID (only relevant if you have multiple apps using the same verification endpoint)
"appId": 1234,
"purchaseDetails": {
"verificationData": {
"serverVerificationData": "abcdefghijklmnopqrstuvwx.AO-J1Oyabcdefghijklmnopqrstuvwxyz123456789_-abcdefghijklmnopqrstuvwxyz123456789_-abcdefghijklmnopq",
// the "autoRenewing" property in localVerificationData is only sent if the product is a subscription
"localVerificationData": "{\"orderId\":\"GPA.1234-1234-1234-12345\",\"packageName\":\"example.package.name\",\"productId\":\"exampleProductId\",\"purchaseTime\":1643389081662,\"purchaseState\":0,\"purchaseToken\":\"abcdefghijklmnopqrstuvwx.AO-J1Oyabcdefghijklmnopqrstuvwxyz123456789_-abcdefghijklmnopqrstuvwxyz123456789_-abcdefghijklmnopq\",\"autoRenewing\":true,\"acknowledged\":false}",
"source": "google_play"
},
"productID": "consumable",
"purchaseID": "GPA.1234-1234-1234-12345",
// can also be "restored" if triggered by a call to restorePurchases()
"status": "purchased",
"transactionDate": "1643389081662"
}
}
}
App Store purchase example JSON:
{
"appId": 1234,
"userIdentifier": "user123",
"purchaseDetails": {
"verificationData": {
"serverVerificationData": "veryLongBase64String",
"localVerificationData": "veryLongBase64String",
"source": "app_store"
},
"productID": "consumable",
"purchaseID": "123",
// can also be "restored" if triggered by a call to restorePurchases()
"status": "purchased",
"transactionDate": "1644239123000"
}
}
Then, based on the source
, you need to verify the purchase with Google Play (if source==google_play
) or with the App Store (if source==app_store
).
Afterwards, if the purchase is valid, you should grant the user access to the purchased product. More info on unlocking purchased products
Finally, return a 200 status code and this JSON, so the app can confirm the purchase:
{
"complete_purchase": true
}
Or, if the purchase is invalid, return a 200 status code and this JSON, in which case the app won't confirm the purchase:
{
"complete_purchase": false
}
If you don't return a 200 status code, the app will try to repeat the request. If the app is unable to get a response indicating that the purchase was verified, it will not confirm the purchase. This will lead to the purchase being automatically refunded in 3 days (if it actually was valid).
Here's a list of related pages about in app purchases: