I'm astonished to find very little documentation or examples about obtaining the expiration date for a Play Store subscription. Throughout the official In-app Billing documentation, the following is noted:
When the user successfully purchases a new subscription, your app
notifies a backend server, which stores the purchase token, user name,
and other information in a secure location.
Since your app cannot know the expiration date, your server can poll
Google Play to get the expiration and store it with the purchase token
and other data.
Because your server now knows the expiration date, it does not need to
poll Google Play again until after the expiration date, at which time
it can confirm that the subscription was not cancelled.
In my app I'm able to obtain an Authorization Token via OAuth and a Purchase Token (using convenience methods for in-app billing) and I can send that information to my back end server. However at that point I can find little information on what to do with those tokens once I have them. The only information I've been able to uncover is reference to Google APIs Client Libraries, which provides sample libraries for various languages Client Libraries (I happen to be using PHP). Inspection of the PHP "Documentation" sample (Getting up and running in 60 seconds LOL), shows the following line of code:
$client->setApplicationName('Google+ PHP Starter Application');
What does this have to do with finding a subscription expiration date???? It seems to me that the parameter passed to setApplicationName should have some reference to the Play Store, but there seems to be NO reference to the Play Store in the list of samples (i.e. Google Analytics API, YouTube Data API, etc) Google APIS
So I'm really at a loss on how to move forward.
Any direction would be appreciated.
You need to use the Purchase Status API, which has the Purchases:get method which takes a packageName, subscriptionId, and token and returns a Purchases resource, which contains (among other things) the validUntilTimestampMsec field which is the time at which the subscription will expire.
Related
I'm researching for developing an open source app that will get a sync feature in future.
This will be realized with Firebase Firestore. This feature should only be available to users subscribing to an abonnement via Google Play Billing.
Now, if I upload my google-services.json to my open source repo, anyone can compile the app and remove the check, whether there's an active subscription or not.
But if I don't upload my google-services.json, CircleCI can't build my project, since the file is missing.
Does anyone have experience in this matter, or some tips?
Thanks!
you should have a server for this. firebase or custom, doesn't matter, but the purchase, subscription, and renewal business rules should not be in your app providing the services based on the subscription status.
If all of the logic is in your app, without server, then you're bound to have issues with this. There's no way around that.
You should also assume that somebody will break your subscription logic (to provide free access) and the apk will be listed forever on something like apkmirror for anyone to get it.
Here's a suggested proper flow.
Server:
users need to have a login
have a list of products a user can subscribe to, with SKUs
that exist in the google play store, under your app's products
App:
app calls your server to get a list of products available for this user. you really care about getting the SKUs for this.
make request to google's billing client to get pricing for the list of SKUs
when customer purchases something using google's billing sdk, you'll get a purchase receipt object
send your purchase receipt to your server
Server:
the server will validate the purchase receipt with Google, where the server itself makes an API call to google to verify the authenticity of the receipt
if the receipt succeeds, the server returns a success code
App:
if the response from sending the receipt succeeds, then you make a new request to the billing SDK, this time to fulfill the purchase (close the transaction)
when fulfillment succeeds, call your server to notify that fulfillment is completed. send the lenght of the subscription (monthly, yearly...)
Server:
grant access to the subscription content the user just purchased
when the renewal time is up (which came from the fulfillment call), your server wakes up and calls google to renew the subscription
if renewal succeeds, user continues to have access to the subscription content
Yes, this is A LOT more work, but it is also dramatically more resilient and future proof than having a true/false flag in your app.
With that being said, if your subscriptions are $1 a year, and you expect to have no more than 10 users...then do the quick and easy way.
I'm trying to implement in-app purchases (consumable) using the Google Play Billing Library.(which is proving less straightforward that I would like...).
In order to plan the workflow I'd like to know what information is available to a backend server (or to the app, and then can be verified by the server) about an app's purchases. For example: can I get the date and time of purchase?
Yes, you definitely can get the date and time of purchase, order id, state, purchase token and so on. All information about purchase data is described here:
(Table 7) https://developer.android.com/google/play/billing/billing_reference
Concerning server verification, official doc says
Successful purchases also generate a purchase token, which is a unique identifier representing the user and the product ID for the in-app product they purchased. Your apps can store the purchase token locally or, ideally, pass it to your secure backend server where it can be used to verify the purchase and protect against fraud.
The process steps of server verification you need to implement:
https://developer.android.com/google/play/billing/billing_library_overview#Verify-purchase
Google Play In-app Billing samples for more clarity:
https://github.com/googlesamples/android-play-billing
I've implemented a recurring subscription for Android In App Billing, but I'm wondering how the apps knows that the subscription is renewed. In testing, at least, the subscription is ended after 1 day. Will it be continued when the app is published on the store?
On iOS the testing subscription is renewed a couple of times. Enough to let you test when the subscription is renewed, but what is the best way to do this on Android?
Can I use the purchaseToken to let my server query Google Play API or do ever renewed subscription get a new purchaseToken?
In android IAP, The purchase token expires when the user manually cancels the subscription or disables the auto-renew. Otherwise, you will get a valid purchase token every time. In test mode, the tester's subscription automatically gets expired after 5 minutes but in production, it will work fine. So don't get worried about the production behavior. If you are running the app as a tester, you will get the below payment modes on the payment flow start.
You will have 2 options to test your implementation
Test Card(Always Approves)
Test Card(Always Declines)
By testing both of the cards, you can be sure about the implementation. Your app should be capable of handling both responses from IAP. If both flows goes well, You shouldn't be worried about it. You are ready to roll-out it on production. Here is the Official Docs, may help you to understand the entire flow.
If you designed custom flow to manage IAP, You can verify the IAP Token from backend using the Google Play Developer API and allow the user to consume the feature accordingly. For the custom flow, You can send custom JWT token from backend according to IAP Token expiry and set custom JWT Token exp claim. By using this method you can check the custom token is expired or not in the client-side, If it's happened so, You can fetch the new IAP token and send it to your backend. Your backend should validate that IAP token and issue new JWT token to user and cycle goes on. Let me know if you want the custom flow, I'll post it here.
You simply periodically query the Google Play server to check the items that the user own, if it is a subscription, it will reply that he/she owns it while it is active and therefore has not expired.
Do not forget to verify the signature of the received data, and much better using a server side verification
Android - protecting in app purchases with server side verification
the google api documentation states that you should call the method
getPurchases()
to know currently active subscriptions, but is there a way to get from Google the expired subscriptions too? Or should I store the subscription informations on a custom server?
I'm doing a magazine app and, even if the subscription is expired, I should be able to allow the user to re-download the issues published while the subscription was active…
Yes of course there is the way for the android application and your back end server to check your subscription details and it's expiration date and even if have access to cancel subscription manually from your server. Using "purchase-status-api", you can check it's expiration date and auto-recurring bill flag.
AFTER LOT OF SEARCH I GOT FOLLOWING LINKS,
PURCHASE-STATUS-API
AUTHENTICATION DEVELOPER DOC
GET EXPIRATION DATE FOR SUBSCRIPTION PRODUCT
REFERENCE LINKS:
MORE LINKS TO IMPLEMENT GOOGLE API
HELP TO IMPLEMENT FOR SERVER OR CLIENT SIDE GOOGLE API
Hope it will solved your problem.
I'm creating an Android application that implements subscriptions to digital content on my backend server. What I wish to do is obtain the name and email associated with the Play account that made the purchase, namely the same information I can get if I go to my Merchant account and view an order.
Using the TrivialDrive in-app billing example, I'm able to access the INAPP_PURCHASE_DATA and send that information to my backend server as the "Checking Subscription Documentation" recommends: http://developer.android.com/google/play/billing/v2/billing_subscriptions.html
The documentation lists a typical implementation workflow and says:
When the user successfully purchases a new subscription, your app
notifies a backend server, which stores the purchase token, user name,
and other information in a secure location.
Although I can store the purchase token, and other INAPP_PURCHASE_DATA how do I obtain the user name or email for that matter. From what I can piece togehter I suspect the account details like user name, email, subscripion expiration date must be requested from my back end server. It seems using the purchase token on my backend server is the key to accessing order information, but at this point I haven't found any clear way to go about doing this.
Any suggestions would be appreciated.
Regards
There is an example on the Android Developer site here: Google Play In-app Billing
Testing In-app Billing
Administering In-app Billing
After that Adding items one at a time to a product list
like this
In-app Billing Reference
Then review this Agreement
Helpful links refund policy, In-app Billing, Implementing In-app Billing
Pls tell if you still facing the some problem :)
Thanks