TLDR: Payment verification should be easy; now it is.
If you are trying to earn a living or build a product on mobile, you need to monetize it. Many applications utilize 'In App Purchases' as the primary method of monetization. The best way of verifying purchases is via a server to server communication with the store that the purchase was made from.
If you use Parse.com as your backend server, you can use Cloud Code to make those calls. While some stores offer fairly straight forward verification steps, others are more convoluted and poorly documented.
This module makes it quick and easy so you don't have to reinvent the wheel for every new project (or spend days digging through documentation and trying various things), just like Parse does for standard backend db access, user login, etc.
Parse Project
- parse-iap-verify cloned into ParseCloud/cloud/iapVerify of your project repo (submodules are nice)
- ParseCloud running Parse JavaScript SDK 1.3.0+ (to utilize Parse.Config)
- Parse.Config object named googlePlayAuth w/ key values for clientID, clientSecret and refreshToken
Apple App Store
- No special setup required
Google Play Store
- Open a beer... this is going to take a while.
- Create a Google API service account Sign Up
- Create a new Project
- Enable Google Play Developer API
- Create Credentials for this project (skip the automatic setup)
- Choose New Credentials button)
- Select OAuth Client ID
- Select Web Application
- Fill in: (NOTE: The redirect URI doesn't really matter, but a working site is nice)
- Name
- Authorized redirect URIs
- Record the Client ID and Client Secrect
- Visit the following URL in a browser: https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/androidpublisher&response_type=code&access_type=offline&redirect_uri=WEB_REDIRECT_URI&client_id=WEB_CLIENT_ID
- Click Allow & authenticate yourself
- Once you arrive at the redirect site, copy the URI out of the addres bar
- Copy down the 'code' parameter value at the end of the URI ?code="1/......."
- Retrieve a refresh token to use when verifying receipts (curl example follows)
- curl -d "client_id=WEB_CLIENT_ID&client_secret=WEB_CLIENT_SECRECT&code=STEP_9_CODE&grant_type=authorization_code&redirect_uri=WEB_REDIRECT_URI" https://accounts.google.com/o/oauth2/token
- Create Parse.Config object named googlePlayAuth with above clientID, clientSecret and refreshToken
- Celebrate
##Usage
Only a single method is exposed to verify purchase receipts:
var iap = require('cloud/iapVerify');
var platform = 'apple';
var payment = {
receipt: 'receipt data', // must be base64 for Apple
productId: '0001',
packageName: 'com.company.app'
};
iap.verifyPayment(platform, payment);
// Returns a Promise w/ JSON result
// SUCCESS - status = 0, receipt information passed verification
// { 'status':0,
// 'productId':'0001',
// 'receipt':{store_specific_receipt_data}
// }
// FAILURES
// { 'status':123,
// extraError:'informational string'
// }API Reference
API Reference
- https://developer.android.com/google/play/billing/gp-purchase-status-api.html
- https://developers.google.com/android-publisher/
- https://developers.google.com/android-publisher/api-ref/purchases/products
- https://developers.google.com/android-publisher/api-ref/purchases/products/get
- http://developer.android.com/google/play/billing/billing_testing.html
Receipt Generation
- http://developer.android.com/training/in-app-billing/preparing-iab-app.html
- http://developer.android.com/tools/publishing/app-signing.html
- http://developer.android.com/google/play/billing/api.html#managed
##Thank You Kudos to:
Kalina for outlining the steps required for Android IAP verification. Many people tried, but yours were the only ones that actually worked!
Wizcorp for highlighting so many great IAP references and a nice API interface in their Node-IAP module
Nick Lockwood for all of the amazing contributions he has shared with the community
Parse for building such a great BaaS and making it so easy to create great mobile products with a strong server component quickly
##Contributing Use Github issues to track bugs and feature requests.
MIT