How to verify Android In App Billing receipt using Java

Posted By : Tushar Paliwal | 20-Dec-2015

Google provides the Play Store marketplace for distributing free and paid apps for the Android platform. It is a place where users can buy digital goods and additional functionality. Many features and apps are free and most of them are paid. To purchase and sell apps from the Play Store, In App Billing can be used, which is simple and easy to implement.

 

In this article we will go through a simple approach to verifying a receipt. After the client interacts with In App Billing, we get the receipt data in JSON format. Receipt validation is based on a tried and trusted mechanism using asymmetric encryption, public and private key pairs and digests.

 

  • Google generates a receipt after the purchase of a product.
  • It then creates a SHA1 digest of that receipt data.
  • It encrypts the digest using your account's private key.
  • It returns the receipt as plain text together with the encrypted digest.

You can then verify that:

  1. The receipt is from your application.
  2. The receipt has not been tampered with by someone in the middle.
  3. The receipt was signed with your private key.

We can verify this using the following steps:

  • Decrypt the digest with your public key.
  • Validate the digest matches the digest of the receipt provided.
  • Validate the details of the receipt information.
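
The first two verification steps map onto the JDK's `java.security.Signature` class, where `SHA1withRSA` recomputes the SHA1 digest and compares it with the one recovered using the public key. This is an added example, not code from the original post: the class name, the generated key pair and the sample receipt are constructed so that it runs offline, and in production `publicKeyB64` is assumed to be the Base64-encoded public key of your account.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;

public class ReceiptSignatureCheck {
    // Returns true only if signatureB64 is a valid SHA1withRSA signature over receiptJson.
    static boolean verifyReceipt(String publicKeyB64, String receiptJson, String signatureB64) {
        try {
            byte[] der = Base64.getDecoder().decode(publicKeyB64);
            PublicKey key = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(der));
            Signature verifier = Signature.getInstance("SHA1withRSA");
            verifier.initVerify(key);
            // Verify the exact bytes received; re-serialising the JSON would change the digest.
            verifier.update(receiptJson.getBytes(StandardCharsets.UTF_8));
            return verifier.verify(Base64.getDecoder().decode(signatureB64));
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false; // fail closed on a malformed key, bad Base64 or bad signature
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed key pair standing in for the real signing key, so this runs offline.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        String publicKeyB64 = Base64.getEncoder().encodeToString(pair.getPublic().getEncoded());
        // Constructed sample receipt (not real purchase data).
        String receipt = "{\"packageName\":\"com.example.app\",\"productId\":\"coins_100\","
                + "\"purchaseState\":0,\"purchaseToken\":\"constructed-token\"}";
        // Signing side, performed here only to produce input for the verifier.
        Signature signer = Signature.getInstance("SHA1withRSA");
        signer.initSign(pair.getPrivate());
        signer.update(receipt.getBytes(StandardCharsets.UTF_8));
        String signatureB64 = Base64.getEncoder().encodeToString(signer.sign());

        String tampered = receipt.replace("coins_100", "coins_9999");
        System.out.println("genuine:   " + verifyReceipt(publicKeyB64, receipt, signatureB64));
        System.out.println("tampered:  " + verifyReceipt(publicKeyB64, tampered, signatureB64));
        System.out.println("bad input: " + verifyReceipt(publicKeyB64, receipt, "not-base64!"));
    }
}
```

Only after `verifyReceipt` returns true should the receipt JSON be parsed and its details (package name, product ID, purchase state) checked against what your server expects.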

To retrieve the receipt information and validate it, we can follow the steps below:

  • Step 1 :

In this step we fetch an access token for calling the Google APIs used in receipt verification. We send a POST request for the access token using the refresh token approach.

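import java.util.ArrayList;
import java.util.List;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.protocol.HTTP;
import org.apache.http.util.EntityUtils;

// CLIENT_ID, CLIENT_SECRET and REFRESH_TOKEN are your OAuth 2.0 credentials;
// log is the enclosing class's logger.
void fetchAccessToken() {
	DefaultHttpClient httpClient = new DefaultHttpClient();
	try {
		HttpPost post = new HttpPost("https://accounts.google.com/o/oauth2/token");
		// Form parameters for the refresh-token grant.
		List<NameValuePair> nvps = new ArrayList<NameValuePair>();
		nvps.add(new BasicNameValuePair("grant_type", "refresh_token"));
		nvps.add(new BasicNameValuePair("client_id", CLIENT_ID));
		nvps.add(new BasicNameValuePair("client_secret", CLIENT_SECRET));
		nvps.add(new BasicNameValuePair("refresh_token", REFRESH_TOKEN));
		post.setEntity(new UrlEncodedFormEntity(nvps, HTTP.UTF_8));
		HttpResponse response = httpClient.execute(post);
		int responseCode = response.getStatusLine().getStatusCode();
		// JSON body that carries the access token.
		String responseBody = EntityUtils.toString(response.getEntity());
	} catch (Exception ex) {
		log.debug("Error occurred due to :: " + ex.getMessage());
	} finally {
		httpClient.getConnectionManager().shutdown();
	}
}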

responseCode: the HTTP status code, which tells us the outcome of the request.

We then retrieve the access token from the response, which is in JSON format.

  • Step 2 :

In this step we send a request to the Google API server for receipt verification, using the access token obtained in step 1.

import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.util.EntityUtils;

// CONSUMABLE is a boolean telling whether the purchased product is consumable.
// purchaseToken is supplied by the client app, so validate it before building the URL.
void fetchReceiptInformation() {
	DefaultHttpClient httpClient = new DefaultHttpClient();
	HttpGet receiptInformationRequest;
	try {
		if (!CONSUMABLE)
			receiptInformationRequest = new HttpGet("https://www.googleapis.com/androidpublisher/v2/applications/"+packageName+"/purchases/subscriptions/"+productId+"/tokens/"+purchaseToken+"?access_token="+accessToken);
		else
			receiptInformationRequest = new HttpGet("https://www.googleapis.com/androidpublisher/v2/applications/"+packageName+"/purchases/products/"+productId+"/tokens/"+purchaseToken+"?access_token="+accessToken);
		HttpResponse response = httpClient.execute(receiptInformationRequest);
		int responseCode = response.getStatusLine().getStatusCode();
		// JSON body that carries the receipt details.
		String responseBody = EntityUtils.toString(response.getEntity());
	} catch (Exception ex) {
		log.debug("Error occurred due to :: " + ex.getMessage());
	} finally {
		httpClient.getConnectionManager().shutdown();
	}
}

In the above code we have to provide a few request parameters:

  • ProductId : ID of the product which is being purchased.
  • Package Name : Name of the package to which the product belongs.
  • Purchase Token : Token generated when the product is purchased.
  • Access Token : Token used to access the API for receipt verification, fetched in the step above.

The response returned by the API request is in JSON format and provides a lot of receipt information for consumable and non-consumable products, among others.

We can store all this information on the server side and use it as a record of the user.

Please feel free to ask any questions. Thank you.

About Author

Tushar Paliwal

Tushar is a developer with experience in Groovy and Grails , Spring and enterprise Java Technologies.
