
Our game is an in-app purchase game and we would like to verify the order id on our own security server.

We’ve received the purchase result from Google on the device, and we are looking for a way to get the order information from the developer’s Google Wallet by the order id which is included in the purchase result, because there are some users that use some ways to pass our purchase verification on the device without paying.

We can check all the orders on our Google wallet account, so there should be an API for developers to get the order information and we’ve googled for the key words “Google Wallet API”, “Android order id”, etc. but found nothing we can use.

Do you have any clue for this? Or how are you guys verifying orders with the order id?

dakab
Leo Yin
  • Did you look at this - https://developer.android.com/google/play/billing/index.html? – Shmuel Jul 19 '13 at 03:45
  • To David: yes, we've checked the document a few times and found "Security Recommendation". And we use verifyPurchase() to verify the signature which is in the response from Google, but it always returns true, even when running the game under a hack app. – Leo Yin Jul 19 '13 at 04:44
  • What exactly do you mean by *"Because there are some users use some ways to pass our purchase verification on device without pay"*? – EdSF Jul 19 '13 at 07:02
  • Sorry for being unclear. I mean, there is a mismatch between the order list on Google Wallet and the list of orders that the game server handles. We've found there is a hack app named "Freedom" that can buy virtual items in-app without paying, but you have to root your device first. – Leo Yin Jul 19 '13 at 07:40
  • The point of this question is how to get the order information from Google Wallet by order id. Then our game server can verify whether the order is correct or not. :) – Leo Yin Jul 19 '13 at 07:41
  • Found the answer on this thread: [link](http://stackoverflow.com/questions/11115381/unable-to-get-the-subscription-information-from-google-play-android-developer-ap?rq=1). We've tried and it works. :) – Leo Yin Jul 25 '13 at 20:35

1 Answer

Purchase verification can be done using Purchase Status API:

Using that, you can check purchaseState, consumptionState and developerPayload, which was sent in your purchase request and can be a unique identifier of the user. For more info see: Purchases products API info

peter.bartos
  • Hi! How do you provide authentication, as the GET method you mentioned above requires authentication? `This request requires authorization with the following scope https://www.googleapis.com/auth/androidpublisher` – Shajeel Afzal Feb 17 '15 at 09:52
  • I'm desperately seeking a way to validate our customers' purchases by orderid, but to no avail yet. Seeing the [In-app Billing Reference](http://developer.android.com/google/play/billing/billing_reference.html), the `token` referred to above by @teepee is not an orderid, but a separate entity delivered by the in-app billing API. orderId - A unique order identifier for the transaction. This identifier corresponds to the Google payments order ID. purchaseToken - A token that uniquely identifies a purchase for a given item and user pair. – shr Sep 03 '15 at 09:49
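
The server-side check discussed in the answer and its comments, as an added example that is not part of the original posts: the game server looks the purchase up by purchaseToken, then compares the orderId Google returns with the one the device reported. It assumes the Android Publisher v3 `purchases.products.get` endpoint and a record already fetched with an OAuth 2.0 token for the `androidpublisher` scope; `purchase_url`, `check_purchase`, `granted` and all sample values are hypothetical names and constructed data.

```python
from urllib.parse import quote

API = "https://androidpublisher.googleapis.com/androidpublisher/v3"

def purchase_url(package_name, product_id, purchase_token):
    """Build the lookup URL. The call is keyed by purchaseToken, not by orderId."""
    parts = (quote(p, safe="") for p in (package_name, product_id, purchase_token))
    return "{}/applications/{}/purchases/products/{}/tokens/{}".format(API, *parts)

def check_purchase(record, claimed_order_id, expected_payload, granted):
    """Decide whether to grant an item, using the record the server fetched itself.

    record: JSON body returned by Google for the purchase token.
    claimed_order_id: orderId the device sent with its purchase result.
    granted: set of order ids already fulfilled (a database table in practice).
    """
    if record.get("purchaseState") != 0:        # 0 purchased, 1 canceled, 2 pending
        return False, "not purchased"
    if record.get("consumptionState") != 0:     # 0 yet to be consumed, 1 consumed
        # Assumption: the server grants the item before the client consumes it.
        return False, "already consumed"
    order_id = record.get("orderId")
    if not order_id or order_id != claimed_order_id:
        return False, "orderId mismatch"        # device reported an id Google did not issue
    if record.get("developerPayload") != expected_payload:
        return False, "developerPayload mismatch"
    if order_id in granted:                     # same real purchase submitted twice
        return False, "already granted"
    granted.add(order_id)
    return True, "ok"

# Constructed sample response; every value is a placeholder.
SAMPLE = {
    "kind": "androidpublisher#productPurchase",
    "purchaseState": 0,
    "consumptionState": 0,
    "developerPayload": "player-42",
    "orderId": "GPA.0000-0000-0000-00000",
}

if __name__ == "__main__":
    granted = set()
    print(purchase_url("com.example.game", "gems_100", "constructed-token"))
    print(check_purchase(SAMPLE, SAMPLE["orderId"], "player-42", granted))
    print(check_purchase(SAMPLE, SAMPLE["orderId"], "player-42", granted))
```

A purchase result that never reached Google has no record behind its token, so the authenticated GET fails and `check_purchase` is never reached; the server should treat that failure as a rejection.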