19

I want to verify an inAppPurchase that has been made in my Android app.

  1. I created a new service account in the Google API console.

    a. The service account is listed under permissions and has "can view" permission

  2. I'm using the most current version of https://github.com/google/google-api-php-client

  3. code snippet from my PHP script:

    // Service account details from the Google API console
    $client = new Google_Client();
    $client->setApplicationName('myAppName');
    $client->setClientId('123456789123-vxoasdt8qwe6awerc9ysdfmjysdfysf64werweria8fh.apps.googleusercontent.com');
    $key = file_get_contents('/shr/data/stor/b516cexx3123asdf3988345d8133e7f86bfas2553-privatekey.p12');
    $service_account_name = '123456789123-vxoasdt8qwe6awerc9ysdfmjysdfysf64werweria8fh@developer.gserviceaccount.com';
    
    // Request the Android Publisher scope and sign the assertion with the .p12 key
    $client->setScopes(array('https://www.googleapis.com/auth/androidpublisher'));
    $cred = new Google_Auth_AssertionCredentials($service_account_name, array('https://www.googleapis.com/auth/androidpublisher'), $key);
    $client->setAssertionCredentials($cred);
    
    // $externalAppId, $externalProductId and $purchaseToken are set elsewhere in the script
    try {
        $service = new Google_Service_AndroidPublisher($client);
        $googleApiResult = $service->inapppurchases->get($externalAppId, $externalProductId, $purchaseToken);
    } catch (Exception $e) {
        var_dump($e->getMessage());
    }
    
  4. Response from Google:

    GET https://www.googleapis.com/androidpublisher/v1.1/applications/de.test.myapp/inapp/de.test.inapp.google.balance5eur/purchases/[PURCHASETOKEN]: (401) The current user has insufficient permissions to perform the requested operation.

    [PURCHASETOKEN] is the purchase token I received from Google

  5. Setting $cred->sub = 'foo@bar.de' to my mail address brings up

    Error refreshing the OAuth2 token, message: '{ "error": "unauthorized_client", "error_description": "Unauthorized client or scope in request." }'

Stephen Ostermiller
glutorange

1 Answer

46

You must connect your API with your app. You must go to your Google Play publish page (https://play.google.com/apps/publish) and invite a user with the service account email in Settings->User account & rights->Invite new user and give it the privileges of "View financial reports".

This means that, whereas you normally might see a number of users from your domain listed in the Google Play Console (Email: user1@mydomain.example, Role: Finance; Email: user2@mydomain.example, Role: Administrator), you will now add another user and give him a Finance role (Email: XXX@developer.gserviceaccount.com, Role: Finance).

Stephen Ostermiller
frieser
  • 3
    You saved my day! Thank you very much! Why is this not documented in the Google documentation? – glutorange Jun 25 '14 at 12:19
  • Unfortunately this isn't solving the issue for me. Same error response. What does "connect your API with your app" mean? Is that adding the service account email? – Bob Mitchell Jul 24 '14 at 18:30
  • Here's some docs on transferring apps between google play accounts which is what led me to getting the 401 error. https://support.google.com/googleplay/android-developer/checklist/3294213?hl=en – Bob Mitchell Jul 25 '14 at 01:25
  • 2
    @BobMitchell "connect your API with your app" means "authorize your application to obtain 'financial' information (like app purchases and in-app purchases) of the google play publish account that you own and receives the purchases, through the Google Api". So you have to give privileges to the user you use as clientid ("123456789123-vxoasdt8qwe6awerc9ysdfmjysdfysf64werweria8fh.apps.googleusercontent.com" in this question) in your google play publisher page to access financial information. I hope it helps you. – frieser Jul 25 '14 at 12:56
  • 1
    I'm trying to get in-app purchase verification; the request is GET https://www.googleapis.com/androidpublisher/v2/applications/[packageName]/purchases/products/[productId]/tokens/[token]. Also, I've configured everything as far as I know, linked the API with the app, gave admin permissions to the user I've made, got the token, etc. But it keeps throwing the 401 error "The current user has insufficient permissions to perform the requested operation." Any ideas? How can I give more permissions than admin allows? – jmdiego Oct 28 '14 at 12:08
  • For testing purposes it works for the Gmail with financial access. How does this case work in case of multiple Gmail users? In real time? – shyam Oct 08 '18 at 07:56
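
A triage helper for the `catch` block in the question, added here as an example and not code from the thread or from google-api-php-client: it separates a rejection at the token endpoint (step 5) from a refusal by the Android Publisher API (step 4), using the two messages quoted on this page as sample input. The function name `diagnosePublisherError` and the hint texts are assumptions; the note on `sub` reflects Google's service-account OAuth flow rather than anything stated in the thread.

```php
<?php
// Added example, not the poster's code: classify the exception text that the
// question's catch block dumps. diagnosePublisherError() is a hypothetical name.
function diagnosePublisherError(string $message): array
{
    // Stage 1: the token endpoint rejected the signed JWT assertion, so no API
    // call was made. The client quotes Google's JSON error body in the message.
    if (preg_match('/Error refreshing the OAuth2 token, message: \'(\{.*\})\'/s', $message, $m)) {
        $body = json_decode($m[1], true);
        $code = is_array($body) && isset($body['error']) ? $body['error'] : 'unknown';
        $hint = $code === 'unauthorized_client'
            ? 'A "sub" value asks Google to impersonate that user, which needs domain-wide '
              . 'delegation. Leave $cred->sub unset so the service account acts as itself.'
            : 'Check the service account e-mail, the .p12 key and the requested scope.';
        return ['stage' => 'token', 'code' => $code, 'hint' => $hint];
    }

    // Stage 2: a token was issued, but the Android Publisher API refused the call.
    if (preg_match('/\((\d{3})\)/', $message, $m)) {
        $hint = $m[1] === '401'
            ? 'Authentication worked, but this identity has no rights on the developer account. '
              . 'Invite the service account e-mail in the Play Console with "View financial reports".'
            : 'Status not covered by this thread; inspect the full response.';
        return ['stage' => 'api', 'code' => $m[1], 'hint' => $hint];
    }

    return ['stage' => 'unknown', 'code' => 'unknown', 'hint' => 'Unrecognised message format.'];
}

// Sample input: the two messages quoted in the question.
$samples = [
    'GET https://www.googleapis.com/androidpublisher/v1.1/applications/de.test.myapp/inapp/'
        . 'de.test.inapp.google.balance5eur/purchases/[PURCHASETOKEN]: (401) The current user '
        . 'has insufficient permissions to perform the requested operation.',
    'Error refreshing the OAuth2 token, message: \'{ "error": "unauthorized_client", '
        . '"error_description": "Unauthorized client or scope in request." }\'',
];

foreach ($samples as $sample) {
    $d = diagnosePublisherError($sample);
    printf("[%s] %s: %s\n", $d['stage'], $d['code'], $d['hint']);
}
```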