8

I wish to verify a receipt of an in-app purchase in an app through Google Play using a PHP page. How should I do it?

AJ222

1 Answer

10

I'm no PHP expert so I'm not going to post any code, but the overall process is very straightforward and it should be dead easy to port to PHP. You need three things to verify a purchase:

  1. Your app's public key (from Services & APIs in Google Play Developer console)
  2. The original JSON of the purchase
  3. The purchase signature

If you implement in-app billing on Android using the IabHelper classes you'll get a Purchase object when you make a successful purchase or when you query the inventory. The Purchase object contains two methods that you need: Purchase.getOriginalJson() and Purchase.getSignature().

Securely store your app's public key on your server and POST the signature and the original JSON (base64 encode it before you send it) to your server. Retrieve the signature and JSON from $_POST and refer to Google's Java implementation of how to verify a purchase. It seems as though you can use PHP's built-in openssl_verify function.

britzl
  • What should I pass to [ https://gist.github.com/menny/1985010#file-verify_market_in_app-php ] this page's signed_data parameter? I am using Unity and C#; there, do I pass purchase.OriginalJson as signed_data? – creator May 25 '15 at 02:03
  • If I'm not mistaken, the signed data should be the entire receipt (i.e. point #2 in my list above) – britzl May 25 '15 at 06:43
  • Correct me if I'm doing, but don't the newer docs show a method of verification (server side only) that doesn't use all this base64 and signed stuff? Just using the purchase token and queuing against the get() – TheLettuceMaster Oct 09 '18 at 06:21
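
The check described in the answer above, sketched in PHP as an added example (not code from the answer, the linked gist, or Google). It assumes the signature is RSA with SHA-1 over the exact original JSON bytes, as in Google's Java sample (SHA1withRSA); the function names and the `json`/`signature` field names are hypothetical, and the key pair and receipt are constructed so the script runs offline.

```php
<?php
// Added example: server-side check of a Google Play purchase signature.
// Assumption: RSA + SHA-1 (SHA1withRSA) over the unmodified original JSON.

/** Wrap the bare base64 key shown in the Play Console as a PEM public key. */
function play_public_key_to_pem(string $base64Key): string
{
    return "-----BEGIN PUBLIC KEY-----\n"
        . chunk_split($base64Key, 64, "\n")
        . "-----END PUBLIC KEY-----\n";
}

/** True only when $signatureB64 is a valid signature over $originalJson. */
function verify_play_purchase(string $base64Key, string $originalJson, string $signatureB64): bool
{
    $key = openssl_pkey_get_public(play_public_key_to_pem($base64Key));
    $signature = base64_decode($signatureB64, true); // strict: reject non-base64 input
    if ($key === false || $signature === false || $originalJson === '') {
        return false;
    }
    // openssl_verify returns 1 (valid), 0 (invalid) or -1 (error); accept only 1,
    // because a loose truthiness test would treat -1 as success.
    return openssl_verify($originalJson, $signature, $key, OPENSSL_ALGO_SHA1) === 1;
}

// --- Constructed demo: a throwaway key pair stands in for Google's signing key ---
$pair = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pem = openssl_pkey_get_details($pair)['key'];
// Strip the PEM armor to get the bare base64 form the server would store.
$base64Key = preg_replace('/-----[A-Z ]+-----|\s+/', '', $pem);

// Constructed receipt; a real one comes from Purchase.getOriginalJson().
$json = '{"orderId":"EXAMPLE-ORDER","productId":"example.sku","purchaseToken":"constructed"}';
openssl_sign($json, $rawSig, $pair, OPENSSL_ALGO_SHA1);

// The client base64-encodes the JSON for transport; the server decodes it
// and verifies the decoded bytes exactly as received, without re-serializing.
$posted = ['json' => base64_encode($json), 'signature' => base64_encode($rawSig)];
$received = base64_decode($posted['json'], true);

var_dump(verify_play_purchase($base64Key, $received, $posted['signature'])); // untouched receipt
$tampered = str_replace('example.sku', 'premium.sku', $received);
var_dump(verify_play_purchase($base64Key, $tampered, $posted['signature'])); // edited product id
var_dump(verify_play_purchase($base64Key, $received, 'not base64!'));        // malformed signature
```

Parse the JSON with json_decode only after verification succeeds, and verify the bytes as received rather than a decoded and re-encoded copy, since any change in whitespace or key order invalidates the signature.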