Skip to content

Instantly share code, notes, and snippets.

@vovkab

vovkab/gist:d9f76e3429cdf20a4e0c

Forked from ohmrefresh/gist:55149f68c41a148ae673
Created January 13, 2016 18:05
Show Gist options
  • Save vovkab/d9f76e3429cdf20a4e0c to your computer and use it in GitHub Desktop.
Save vovkab/d9f76e3429cdf20a4e0c to your computer and use it in GitHub Desktop.
Download ZIP
How to Server-side verification of Google Play subscriptions
Raw
gistfile1.txt
1.create google app (google console)
Example:
Client ID xxx.apps.googleusercontent.com
Email address [email protected]
Client secret xxx
Redirect URIs
https://localhost/oauth2callback
Javascript Origins
https://localhost
2.get Authorization code:
Request URL(GET):
https://accounts.google.com/o/oauth2/auth?redirect_uri={REDIRECT_URI}&response_type=code&client_id={CLIENT_ID}&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fandroidpublisher&approval_prompt=force&access_type=offline
Note:
{CLIENT_ID} = from google console
{REDIRECT_URI} = from google console (must encode url)
Response:
[code]
Example:
https://accounts.google.com/o/oauth2/auth?redirect_uri=https%3A%2F%2Flocalhost%2Foauth2callback&response_type=code&client_id=xxx.apps.googleusercontent.com&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fandroidpublisher&approval_prompt=force&access_type=offline
Response:(code)
https://localhost/oauth2callback?code=4/NWmwI5Qmuqer2CmiGxvAsAXVw9lb.opOrLaIVal0WXE-sT2ZLcbRHKlFXiwI
[code] = 4/NWmwI5Qmuqer2CmiGxvAsAXVw9lb.opOrLaIVal0WXE-sT2ZLcbRHKlFXiwI
3.get Refresh token
Request URL(POST):
https://accounts.google.com/o/oauth2/token
Parameter:
grant_type ==>'authorization_code'
client_id ==>[GOOGLE_CLIENT_ID]
client_secret ==>[GOOGLE_CLIENT_SECRET]
code ==>[code]
redirect_uri ==>[GOOGLE_REDIRECT_URI]
Notes:
[GOOGLE_CLIENT_ID] from google api console
[GOOGLE_CLIENT_SECRET] from google api console
[GOOGLE_REDIRECT_URI] from google api console
[code] from step 2
Response:
{
"access_token":"ya29.1.AADtN_VQsXaZPIhT1E_JKTjHG6nED5KuwAt-mOwdYFaEXxweJ8iqYzt06OCiozKlr3w8AQ",
"token_type":"Bearer",
"expires_in":3600,
"refresh_token":"1/CZi1-1yRSAFfgJTYFNmX9vlf0SdYr92FuQ3WnUY_khE"
}
4. Using the Access Token to make API request
Document
https://developers.google.com/android-publisher/v1_1/purchases/
option 1 : GET with custome header
[PHP]
$lAccessToken = "{The access token you got in}" ;
$lPackageNameStr = "{your apps package name com.something.something}";
$lURLStr = "https://www.googleapis.com/androidpublisher/v1.1/applications/[PACKAGENAME]/subscriptions/[SKU]/purchases/[PURCHASETOKEN]";
$curl = curl_init($lURLStr);
curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
$curlheader[0] = "Authorization: Bearer " . $lAccessToken;
curl_setopt($curl, CURLOPT_HTTPHEADER, $curlheader);
$json_response = curl_exec($curl);
curl_close($curl);
$responseObj = json_decode($json_response,true);
option 2 : GET with url(parameter)
[subscriptions]
https://www.googleapis.com/androidpublisher/v1.1/applications/[PACKAGENAME]/subscriptions/[SKU]/purchases/[PURCHASETOKEN]?authorization_token=[ACCESS_TOKEN]
[inapp]
https://www.googleapis.com/androidpublisher/v1.1/applications/[PACKAGENAME]/inapp/[SKU]/purchases/[PURCHASETOKEN]?authorization_token=[ACCESS_TOKEN]
Notes:
[PACKAGENAME] ==> package name (ex. com.ace.payment)
[SKU] ==> package name (ex. item1)
[PURCHASETOKEN] ==> from android device purchase
Response:
{
"kind": "androidpublisher#subscriptionPurchase",
"initiationTimestampMsec": long,
"validUntilTimestampMsec": long,
"autoRenewing": boolean
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment