3

I have been stuck on the following problem for about a month already. I am trying to verify an in-app purchase by using the following API: https://developers.google.com/android-publisher/authorization

I followed every step from the documentation (doing everything with the Postman REST Client from Chrome). I can retrieve an access token and a refresh token, but whenever I try to query a purchase it results in error code 403 access not configured, BUT I CONFIGURED IT IN THE SETTINGS!

Anybody with an idea, maybe?

user3193443

2 Answers

4

It is far from straightforward to get an access token for this API. This blog post helped get me started in the right direction, but I've outlined my own process that does not depend on using any external scripts to work. The steps are:

  1. Obtain a client ID and secret (one-time)
  2. Obtain a Refresh Token (one-time)
  3. Use the Refresh Token to obtain an Access Token (once per hour)
  4. Use the access token to access the API

Each of these steps is detailed below:

Obtaining Client ID and Secret

  1. Go to the Google Developers Console
  2. Go to your project page
  3. Select "Consent Screen" on the left side and make sure that the email address and Product name fields are set
  4. Select "Credentials" from the left menu, and select "create a new client id"
  5. Leave Application type set to "Web application" and set "Authorized redirect URI" to https://localhost. You do not need to change the Authorized JavaScript Origins.
  6. Click "Create Client ID" and record the Client ID and Client secret that result.

Obtaining a Refresh Token

  1. In a web browser, enter the following URL (substituting the correct value for client_id): https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/androidpublisher&response_type=code&access_type=offline&redirect_uri=https://localhost&client_id=XXXX

  2. Accept any requests for authorization that appear

  3. You will then be redirected to a URL like this:

    https://localhost/?code=4/k0TenvwICIgmBoQOazJy4_EnJr6-.clLqtp_vVAIbEnp6UAPFm0GASPqQigI

    Copy the code from the latter part of this URL

  4. Use wget to convert this code into a refresh token; substitute CODE, CLIENT_ID, and CLIENT_SECRET

    wget --debug --post-data="grant_type=authorization_code&code=CODE&client_id=CLIENT_ID&client_secret=CLIENT_SECRET&redirect_uri=https://localhost" https://accounts.google.com/o/oauth2/token

  5. The resulting JSON file will contain an access_token and a refresh_token. Record the refresh_token value.

Obtaining an Access Token

  1. Send a POST request to https://accounts.google.com/o/oauth2/token with the following fields set (substitute REFRESH_TOKEN, CLIENT_ID, CLIENT_SECRET):
    • grant_type=refresh_token
    • refresh_token=REFRESH_TOKEN
    • client_id=CLIENT_ID
    • client_secret=CLIENT_SECRET

You will get back a JSON string containing an access_token that will be good for one hour.

Using the Access Token to make API request

Fetch from

https://www.googleapis.com/androidpublisher/v1.1/applications/PACKAGENAME/inapp/SKU/purchases/PURCHASETOKEN

with an Authorization header containing the access token, e.g.:

Authorization: Bearer ya29.1.AADtN_WoM4-4Fb1voFL-emcUWluijCzwvc9Z-FYM9SPvK03HCbGkdROJTVVPSLHK2IlVJQ

You may also be able to pass the access token as an HTTP query parameter, e.g.

https://www.googleapis.com/androidpublisher/v1.1/applications/PACKAGENAME/inapp/SKU/purchases/PURCHASETOKEN?authorization_token=AUTHTOKEN

mmigdol
0

I had a similar problem to yours. The answer by mmigdol is helpful, but it didn't help me. I finally managed to solve it by looking at the links generated here: https://developers.google.com/oauthplayground/

Apparently, the Android publisher scope

https://www.googleapis.com/auth/androidpublisher

needs to be added into the link requesting the authorisation code (before even generating the refresh token) by adding:

&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fandroidpublisher

to get this:

https://accounts.google.com/o/oauth2/auth?redirect_uri=<YOUR_REDIRECT_URI>&response_type=code&client_id=<YOUR_CLIENT_ID>&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fandroidpublisher&approval_prompt=force&access_type=offline
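
The flow from both answers (consent URL carrying the androidpublisher scope, refresh-token exchange, purchase lookup) as an added Python sketch; it is not code from either poster. It only builds and parses the HTTP messages, so it runs offline. The function names, the 60-second refresh margin and the values in the demo are assumptions or placeholders.

```python
import json
import time
from urllib.parse import parse_qs, quote, urlencode, urlsplit
from urllib.request import Request

AUTH_URL = "https://accounts.google.com/o/oauth2/auth"
TOKEN_URL = "https://accounts.google.com/o/oauth2/token"
SCOPE = "https://www.googleapis.com/auth/androidpublisher"
API_BASE = "https://www.googleapis.com/androidpublisher/v1.1/applications"

def consent_url(client_id, redirect_uri="https://localhost"):
    # The androidpublisher scope must be requested here, before any token exists;
    # access_type=offline is what makes the code exchange return a refresh token.
    return AUTH_URL + "?" + urlencode({
        "scope": SCOPE, "response_type": "code", "access_type": "offline",
        "redirect_uri": redirect_uri, "client_id": client_id})

def code_from_redirect(redirected_url):
    # Extract ?code=... from the https://localhost redirect; surface a denial.
    params = parse_qs(urlsplit(redirected_url).query)
    if "error" in params:
        raise RuntimeError("authorization refused: " + params["error"][0])
    return params["code"][0]

def refresh_request(refresh_token, client_id, client_secret):
    # Secrets travel in the POST body, never in the URL.
    body = urlencode({"grant_type": "refresh_token", "refresh_token": refresh_token,
                      "client_id": client_id, "client_secret": client_secret})
    return Request(TOKEN_URL, data=body.encode("ascii"), method="POST")

def parse_token_response(raw_json, now=None):
    # Returns (access_token, refresh_after_epoch); refresh 60 s before expiry.
    doc = json.loads(raw_json)
    if "error" in doc:
        raise RuntimeError("token endpoint error: %s" % doc["error"])
    now = time.time() if now is None else now
    return doc["access_token"], now + int(doc.get("expires_in", 3600)) - 60

def purchase_request(access_token, package, sku, purchase_token):
    # Percent-encode each path segment; send the token in the header so it
    # stays out of URLs, proxy logs and browser history.
    path = [quote(package, safe=""), "inapp", quote(sku, safe=""),
            "purchases", quote(purchase_token, safe="")]
    return Request(API_BASE + "/" + "/".join(path),
                   headers={"Authorization": "Bearer " + access_token})

if __name__ == "__main__":
    print(consent_url("CLIENT_ID"))  # placeholder client id
    req = purchase_request("ACCESS_TOKEN", "com.example.app", "sku_1", "PURCHASETOKEN")
    print(req.full_url, req.header_items())
```

Pass the returned `Request` objects to `urllib.request.urlopen` to send them, and keep the refresh token and client secret out of source control.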