For anyone who stumbled on this, this was the craziest thing I have ever had to deal with but I managed to figure it out and do it right. I want to thank the following articles for helping me slowly but surely get to the bottom of this. I will add the most frustriating part of this is the steps I am going to list below, I am not 100% convinced they are all necessary because the only error I ever got during this was "403 Insufficient Permissions" so all I can really do here is tell you EVERYTHING I did and hope it works for you.
This article got everything working but was using the web access approach and stating that the service account wouldn't work
http://milancermak.wordpress.com/2012/08/24/server-side-verification-of-google-play-subsc/
This was a great implementation on the above article for Ruby
https://gist.github.com/cornflakesuperstar/5632813
This was a great article on how to get the key so that you could store it as an environment variable for Heroku
http://ar.zu.my/how-to-store-private-key-files-in-heroku/
This was a good article on how to setup the service account (note I am not the account owner of our services so I was flying blind on telling him how to do this. This article worked)
https://developers.google.com/console/help/#activatingapis
This was the article on how you need to authorize the auto generated email from above
How can I authorize with OAuth 2.0 for google's predictive API in Ruby?
The official Google Implementation for the API is here
https://developers.google.com/android-publisher/api-ref/purchases/subscriptions/get
After countless late nights since I posted this article I was able to get this working WITH A SERVICE ACCOUNT with the following steps
- I had our developer console admin generate me the service account information as described in the above developer article
- I had our admin add the email account and allow it permission as described in the above stack overflow article
- I followed the article on how to make the key a string that could be stored as a string
After tons of trial and error, miraculously got a "200" out of the API. Here is my code
ISSUER = '45366745684568-afdasfasdfasdfasdfasdf@developer.gserviceaccount.com' # From service account
APP_NAME = '<appname>' # This value didn't seem to matter. I think it is for logging
APP_VERSION = '1.0' # This value didn't seem to matter. I think it is for logging
class SomeClass < ActiveRecord::Base
def self.google_api_client
@@google_client ||= Google::APIClient.new(
application_name: APP_NAME,
application_version: APP_VERSION
).tap do |client|
# Load the key downloaded from the Google Developer Console
if ENV['GOOGLE_API_KEY'].nil?
puts "Be sure that you have ENV['GOOGLE_API_KEY'] defined in your environment."
return
end
key = OpenSSL::PKey::RSA.new ENV['GOOGLE_API_KEY'], 'notasecret'
# Initialize the connection
client.authorization = Signet::OAuth2::Client.new(
:token_credential_uri => 'https://accounts.google.com/o/oauth2/token',
:audience => 'https://accounts.google.com/o/oauth2/token',
:scope => 'https://www.googleapis.com/auth/androidpublisher',
:issuer => ISSUER,
:signing_key => key)
client.authorization.fetch_access_token!
end
end
def self.test_server(package_name, subscription_id, token)
# Get the client
client = self.google_api_client
# Discover the subscriptions API
publisher = client.discovered_api('androidpublisher', 'v2')
# Make the API call
result = client.execute(
:api_method => publisher.purchases.subscriptions.get,
:parameters => {'packageName' => package_name, 'subscriptionId' => subscription_id, 'token' => token}
)
end
end
Once I did all of the steps above I was still struggling (same 403 error). I realized the thing that was burning me was the 'scope' was not properly set to 'https://www.googleapis.com/auth/androidpublisher'. I hope this really helps someone. This was tearing me apart and now it works perfect.
Thanks all of the mentioned articles for your help.
