This is very embarrassing: a few months ago I registered my a credit card to my Google account to enable Google translate in an application I am developing. Since then, Google has been happily billing my card, but I have never received an email invoice and when I now log in with the account I think I used, I see the Translate API disabled in the API Console and I can't find any billing tab.
I've searched my emails and electronic receipts but can't find any confirmations connecting a particular Google account (I have about 10 for different clients and projects). Is there any way of working back from the key and find the corresponding Google account? Any other suggestions? It's kind of bad form to not sending some email to confirm a credit card charge of ~$100 a month...
I ended up tracking down the account. It was a gmail account and all the receipts had been emailed to that account too obviously.
Related
My server receives a real-time developer notifications (RTDN) from Google Play. Now what?
How to check whether RTDN by Google Play comes from Google, not from a hacker? Suppose I use purchases.products.get API to check it. Then a hacker could send me repeated RTDN, what would lead my server into thinking that purchase happened two times (when it was really one time).
I want my server to top the user account on every purchase from my app. I want the amount of purchase to be arbitrary (specified by the user). Should I include the amount in dollars into product productId/SKU like: credit-$0.78?
Also, it is unclear how to determine the installation ID of the app (a UUID I store in app data on installation) for which the purchase was done. Should I include the UUID in productId/SKU?
Quoting https://developer.android.com/google/play/billing/security
A special case of sensitive data and logic that should be handled in the backend is purchase verification. After a user has made a purchase, you should do the following:
Send the corresponding purchaseToken to your backend. This means that you should maintain a record of all purchaseToken values for all purchases.
Verify that the purchaseToken value for the current purchase does not match any previous purchaseToken values. purchaseToken is globally unique, so you can safely use this value as a primary key in your database.
Use the Purchases.products:get or Purchases.subscriptionsv2:get endpoints in the Google Play Developer API to verify with Google that the purchase is legitimate.
If the purchase is legitimate and has not been used in the past, you can then safely grant entitlement to the in-app item or subscription.
[skipping about verification of subscriptions]
Real-time developer notifications (RTDN) is a mechanism to receive notifications from Google whenever there is a change in a user's entitlement within your app. RTDN leverages the use of Google Cloud Pub/Sub which is encoded and secure, each publish made to a Cloud Pub/Sub topic contains a single base64-encoded data field.
Note: You must call the Google Play Developer API after receiving Real-time developer notifications to get the complete status and update your own backend state. These notifications tell you only that the purchase state changed. They do not give you complete information about the purchase.
The Google Play Developer API is a server-to-server API that complements the Google Play Billing Library on Android. This API provides functionality not available in the Google Play Billing Library, such as securely verifying purchases and issuing refunds to your users.
I have a Google Adsense account, I'm using it to show ads on my websites, also I'm using Admob to show ads on my applications. Everything is working fine as I have successfully verified my ID and Address with PIN and receiving money. And now I want to publish my applications on Google Play Store so I visited website to buy console account, it's written that google may ask to verify my identity and if failed money won't be refunded. My question is that after buying it, will google ask me to verify my identity with my photograph and government ID ?
They usually do not try to verify you, but usually it happened when you want to get payment for IAP (in app purchases) inside your apps.
Then they will ask for government ID (I recommend using passport), and will ask you to add a bank account to receive your money, it will take couple of days then they will verify you.
Do not worry it is normal process, the nonrefundable part is the 24$ you pay to open Google Play Developer account.
They may ask you to verify your phone number (it depends on your country, this is not done in all countries)
I would like to implement a Google Calendar API using FullCalendar Javascript.
Before any start of coding I have some problem to understand what is the main purpose of the Google Calendar API.
As you know there is some Auth process before creation and enabling API.
That means that I, as owner or developer want to use Google Calendar API so I get client/secret/keys strings and it is OK.
I can create an app where I can “promote” my Google Account Calendar being public and then I can show all events from that calendar (dentist booking etc).
Also I am able to use Calendar in another way. For example: Within my App I can create one page where users can auth to their google accounts and see their events
are already created.
But, What if my logged users don't have a Google Accounts.
Google Calendar is strongly connected to already created google accounts? Is it possible to use Google Calendar strictly as an REST API?
I know that this may be a stupid questions but this is something that most of Google Calendar API beginners have problem with.
There are technically two ways of accessing a calendar on Google Calendar.
Your first option is where you are using Oauth2 to authenticate your users. They give you access to their google calendar and you can then insert events directly into their calendar. You can also see the events that they currently have. This as you said wont work if the user in question does not have a google account.
Your second option is to use something called a service account. Think of a service account as a dummy user. It has its own Google calendar account minus the web view. You could potentially us that to store events in a global calendar application calendar. Then when you want to add a user to an event you invite them you can set notification no they should receive an email and they will them be able to add the event to their own personal calendar. For you this may work out better because it does not require you to have access to the Users google calendar the only draw back will be there is no way for you to see if said user has any events going on at that time since you don't have access to their account to check.
I have given you a couple of links to some tutorials that I have write a few years ago that explains the difference between oauth2 and service accounts.
Google Calendars are tied to users, which means Google users. First of all, to access the API you need a GoogleAPIs developer key. This requires a Google account. Then you need Google accounts to use or test with the API.
The Google Calendar is tied to a user account as described at https://developers.google.com/google-apps/calendar/concepts/. One thing to notice is that "event" is an atomic unit in the API and a calendar is a set of events. In other words, a calendar in the Calendar API isn't a timespan like we think of "this year's calendar", it's a set of event objects. Within the app you describe, if the users don't have google accounts then they don't have associated calendars. You would have to tie these users to some kind of public or shared calendar. It's unclear if using the Calendar API solely as a REST API as you describe (without actual or "verified" user accounts) is in accordance with the Terms & Conditions. That aside, in theory it may be possible to use a service like that as a REST API to suit your needs. Maybe you can try inverting the problem so an event becomes the user with a primary calendar. Now the location of the event can be treated as the API-event. Other (normal Google) users can "attend" the location, at the given time, created by this event (=user). You could also apply the same approach to invert the problem by location. Location becomes the user, event becomes the API-event, and attendees are normal users. The latter approach is used commonly in businesses to book resources like rooms, equipment, etc.
I submitted an extension to Chrome Web Store but as a developer, if I reply to a support review my Google Plus account is published.
Is it possible to hide Google Plus account? If not, do you recommend to create another account without breaking Chrome TOS?
You can use another account for that. Google's Publishing tutorial says:
decide which Google Account you want to be your developer account.
This account will own your app (or multiple apps, if you choose) and
will receive any payments you get from Chrome Web Store Payments.
Instead of your personal account, you might want to choose a dedicated
account.
I have a website that provides a specific SW service.
I would like to allow users to subscribe to this SW service:
Sign-Up: the user provides credit card details, a username and a password.
Sign-In: the user enters username+password in order to get access to my SW service.
The user's credit card should be charged once per month (i.e., recurring payment).
I'm considering Google Wallet for this purpose, but there are a couple of issues that I'm concerned about:
Can I use the Google Wallet API in order to implement sign-up and sign-in, or should I implement user-authentication separately within my server?
Is the Google Wallet API available only for mobile devices? This is implied in both Google Wallet's website and in Wikipedia. My website is primarily intended for use through desktop PCs, and not through smartphones.
Thank you for your help!
For the sign-up / sign-in part, if you want to use Google's OAuth service you can try at the Google+ Sign-In.
For the recurring payment part, the Google Wallet for digital goods API offers a monthly subscription API and a web-based payment flow. If the user does not already have a credit card saved in their Wallet, they will be prompted only once to add a card.