Updated on 18. February 2024 by Jan Bunk
While setting up your own verification endpoint is a bit complicated, we will go through the main steps in this guide to point you into the right direction.
The app will POST a JSON object such as the following to your verification endpoint:
Google Play purchase example JSON:
{
// the userIdentifier you passed via Javascript
"userIdentifier": "user123",
// your app's ID (only relevant if you have multiple apps using the same verification endpoint)
"appId": 1234,
"purchaseDetails": {
"verificationData": {
"serverVerificationData": "abcdefghijklmnopqrstuvwx.AO-J1Oyabcdefghijklmnopqrstuvwxyz123456789_-abcdefghijklmnopqrstuvwxyz123456789_-abcdefghijklmnopq",
// the "autoRenewing" property in localVerificationData is only sent if the product is a subscription
"localVerificationData": "{\"orderId\":\"GPA.1234-1234-1234-12345\",\"packageName\":\"example.package.name\",\"productId\":\"exampleProductId\",\"purchaseTime\":1643389081662,\"purchaseState\":0,\"purchaseToken\":\"abcdefghijklmnopqrstuvwx.AO-J1Oyabcdefghijklmnopqrstuvwxyz123456789_-abcdefghijklmnopqrstuvwxyz123456789_-abcdefghijklmnopq\",\"autoRenewing\":true,\"acknowledged\":false}",
"source": "google_play"
},
"productID": "consumable",
"purchaseID": "GPA.1234-1234-1234-12345",
// can also be "restored" if triggered by a call to restorePurchases()
"status": "purchased",
"transactionDate": "1643389081662"
}
}
}
App Store purchase example JSON:
{
// your app's ID (only relevant if you have multiple apps using the same verification endpoint)
"appId": 1234,
// the userIdentifier you passed via Javascript
"userIdentifier": "user123",
"purchaseDetails": {
"verificationData": {
"serverVerificationData": "veryLongBase64String",
"localVerificationData": "veryLongBase64String",
"source": "app_store"
},
"productID": "consumable",
"purchaseID": "123",
// can also be "restored" if triggered by a call to restorePurchases()
"status": "purchased",
"transactionDate": "1644239123000"
}
}
Then, based on the source, you need to
verify the purchase with Google Play
(if source==google_play)
or with the App Store
(if source==app_store).
Afterwards, if the purchase is valid, you should grant the user access to the purchased product.
You will mainly need the userIdentifier (which is the string you passed when you called makeInAppPurchase in your website's Javascript) to determine who to unlock the products for and the productID to determine what product to unlock for the user.
After an in app purchase - especially a subscription - was made, you will need to listen to any changes that get made to it. For example you will be notified when a subscription was canceled or an in app purchase was refunded, so you can then revoke the benefits the user gets from the subscription.
Finally, return a 200 status code and this JSON, so the app can confirm the purchase:
{
"complete_purchase": true
}
Or, if the purchase is invalid, return a 200 status code and this JSON, in which case the app won't confirm the purchase:
{
"complete_purchase": false
}
If you don't return a 200 status code, the app will try to repeat the request. If the app is unable to get a response indicating that the purchase was verified, it will not confirm the purchase. This will lead to the purchase being automatically refunded in 3 days (if it actually was valid).
Here's a list of related pages about in app purchases: