We do validate the google play in app purchase receipt on our backend server.
For testing we do fake the receipts and test with them our system.
Is there a possibility to do a test purchase from the backend server to google's test server, to generate a receipt?
Or is there a possibility to get an fake receipt directly from google play?
For Android there are static responses for testing, maybe for backend server too.
It will be a better test then to fake the receipt by my own.
All purchases, including test purchases, must be done using an Android application (via a real device or an emulator). It happens because the purchase is executed by the Google Play Store app, and authenticated by the user.
About the server-side API, according to the Google Play Developer API, you can use the Subscriptions and In-App Purchases API to:
[...] manage your app's catalog of in-app products and subscriptions. In
addition, with the Subscriptions and In-App Purchases API you can
quickly retrieve the details of any purchase using a standard GET
request.
So, after your purchase is completed (starting on the device), you can manage it's status, get details from the API and etc.
Related
My server receives a real-time developer notifications (RTDN) from Google Play. Now what?
How to check whether RTDN by Google Play comes from Google, not from a hacker? Suppose I use purchases.products.get API to check it. Then a hacker could send me repeated RTDN, what would lead my server into thinking that purchase happened two times (when it was really one time).
I want my server to top the user account on every purchase from my app. I want the amount of purchase to be arbitrary (specified by the user). Should I include the amount in dollars into product productId/SKU like: credit-$0.78?
Also, it is unclear how to determine the installation ID of the app (a UUID I store in app data on installation) for which the purchase was done. Should I include the UUID in productId/SKU?
Quoting https://developer.android.com/google/play/billing/security
A special case of sensitive data and logic that should be handled in the backend is purchase verification. After a user has made a purchase, you should do the following:
Send the corresponding purchaseToken to your backend. This means that you should maintain a record of all purchaseToken values for all purchases.
Verify that the purchaseToken value for the current purchase does not match any previous purchaseToken values. purchaseToken is globally unique, so you can safely use this value as a primary key in your database.
Use the Purchases.products:get or Purchases.subscriptionsv2:get endpoints in the Google Play Developer API to verify with Google that the purchase is legitimate.
If the purchase is legitimate and has not been used in the past, you can then safely grant entitlement to the in-app item or subscription.
[skipping about verification of subscriptions]
Real-time developer notifications (RTDN) is a mechanism to receive notifications from Google whenever there is a change in a user's entitlement within your app. RTDN leverages the use of Google Cloud Pub/Sub which is encoded and secure, each publish made to a Cloud Pub/Sub topic contains a single base64-encoded data field.
Note: You must call the Google Play Developer API after receiving Real-time developer notifications to get the complete status and update your own backend state. These notifications tell you only that the purchase state changed. They do not give you complete information about the purchase.
The Google Play Developer API is a server-to-server API that complements the Google Play Billing Library on Android. This API provides functionality not available in the Google Play Billing Library, such as securely verifying purchases and issuing refunds to your users.
I am developing Xamarin.Forms application which will be used for Android and iOS. It will have access to full functionality with a paid subscription.
I researched about subscriptions policy for Play Market and App Store and they require to use their in-app billing if an application gives access to some of its functionality only with a subscription.
But if, for example, user buys the subscription in Android app and then wants to use iOS app - what is the best way to handle this? Since subscriptions are created separately on Play Market and App Store side they need to be somehow synced?
That's probably a problem that was solved a ton of times, but I can't find how to do it
This is explicitly allowed on the platforms, e.g., here's an excerpt from Apple's App Review Guidelines:
3.1.3(b) Multiplatform Services: Apps that operate across multiple platforms may allow users to access content, subscriptions, or
features they have acquired in your app on other platforms or your web
site, including consumable items in multi-platform games, provided
those items are also available as in-app purchases within the app.
As to how to do this: Basically you have to have user authentication and a backend that ties a subscription status to a user ID. Also, the backend needs to keep the subscription status up to date by refreshing the subscriptions with the stores (Apple App Store, Google Play Store).
(If you weren't using Xamarin, I'd recommend using RevenueCat for this (disclaimer: I work there), but we don't have a Xamarin SDK so I don't think
that that's a possibility)
Is it possible to have payment gateway in TWA app the same like on normal website? I heard that only Google Play payment gateway can be used in apps in the play store.
I want to keep my payment gateway as I have on the main page, ie Stripe.
It depends on what you are selling in your application. An application selling physical(eg: a shoe store) is not required to use Play Billing but an application selling Digital Goods (eg: subscriptions, unlocking features in the app, streaming content) is.
The best thing is checking out the Play Policy Center for details and see where your case falls: https://support.google.com/googleplay/android-developer/answer/9858738
I have payoneer account and i'd like to receive payments from app into this account.
Payments are not for physical goods. They are more like app content-unblockers.
Let's focus on Android and Google Play distribution case.
I suppose, payoneer is not designed for processing quick small payments, right?
I need these:
App should be able to set price according to misc factors.
Payments should be instant without credit card entering - i guess it called "Payments from Google Wallet". E.g. if i (app user) have google account and i have payment method in Google Play, then i do not need to enter my credit card number again.
Payments should be possible independently of user location (country)
So, can I use, say, Braintree to process payments with those requirements?
Will it violate any kind of Google Play policies (the fact, that i'm processing payments not through Google)?
The same questions about iOS
For Android : You can use third party payment seamless/non-seamless as long as their sdk supports Android platform. Google doesn't stop you from choosing any payment service.
For iOS : : It's million dollar question. Always refer to latest app store review guidelines https://developer.apple.com/app-store/review/guidelines/#purchasing-currencies
You can use third party payment gateway in iOS if you are selling physical goods/services outside of the app. For any in-app purchases you must use IAP.
For any in-app purchases if you use other purhasing mechanisms your app will be rejected.
Refer to section 3.1.1
If you want to unlock features or functionality within your app, (by way of example: subscriptions, in-game currencies, game levels, access to premium content, or unlocking a full version), you must use in-app purchase. Apps may not include buttons, external links, or other calls to action that direct customers to purchasing mechanisms other than IAP.
Our app has already implemented in-app purchase.
But, we previously don't keep track of it, and only relies on the google's service whether a user's level is premium or regular.
Now, we want to track it in our server as well.
Is it possible to get the users data who've bought our subscriptions? (especially his/her email)
Based from the following documentations, there is no currently existing method to get a list of your app's subscriber's.
Google Play Developer - API Reference
In-app Subscriptions
Currently existing features with Google Play Developer API is that, it offers an HTTP-based API that lets you perform such tasks as:
Remotely query the validity of a specific subscription at any time
Cancel a subscription
Defer a subscription's next billing date
Refund a subscription payment without canceling the subscription
Refund and revoke a subscription
The API is designed to be used from your backend servers as a way of securely managing subscriptions, as well as extending and integrating subscriptions with other services.
For complete information, you may go through Google Play Developer API.