Google Play Developer API - Query purchase token returns Invalid Value

Question

I am trying to set up a web service to query Google Play purchases. We store the order information for customers and this service would call Google Play API to query the su

Answer 1

This happened to me when I was testing with Static Responses, i.e. using reserved product IDs for testing (like android.test.purchased). SkyWalker's solution did not help in this case.

Then I used real product IDs, published my app as alpha to google play and side-loaded the release apk into my device and now everything works as expected.

Be sure to read carefully chapter Setting Up for Test Purchases in google docs to prepare your app and account properly for testing.

Answer 2

Check out this to see API request and response. Need help with the API Explorer

API: https://www.googleapis.com/androidpublisher/v1.1/applications/packageName/subscriptions/subscriptionId/purchases/token

Request parameters:

packageName:PACKAGE_NAME

subscriptionId:SUBSCRIPTION_ID

token:PURCHASE_TOKEN

Answer 3

First I want to share with you what is 400 bad request and what is the real cause for occuring it?

Ans: It indicates that the query was invalid. E.g., parent ID was missing or the combination of dimensions or metrics requested was not valid.

Recommended Action: You need to make changes to the API query in order for it to work.

Resource Link: Standard Error Responses

Your problem:

Your code was running properly and returning related json file as output. But after a period,it is not working when you want to get information about purchase. It gives error message "HTTP/1.1 400 Bad Request"

Root cause:

For refresh token, the response always includes a new access token. A response is shown below:

{
  "access_token":"1/fFBGRNJru1FQd44AzqT3ZgXXXXXX",
  "expires_in":3920,
  "token_type":"Bearer",
}

So, access token has a expiry time. after a expiry time, the access token will not work.

There is another restriction also. There are limits on the number of refresh tokens that will be issued; one limit per client/user combination, and another per user across all clients.

So, in your case, you have already crossed your limit of creating refresh token.

Solution:

So, you first need to revoke the token. Then save refresh tokens in long-term storage and continue to use them as long as they remain valid.

As you are using refresh token, then you need to change the http post request https://accounts.google.com/o/oauth2/token to https://www.googleapis.com/oauth2/v4/token

So your code will be look like below:

String refreshToken = "1/ljll6d9ME3Uc13jMrBweqXugV4g4timYcXXXXXXXXX";
HttpPost request = new HttpPost("https://www.googleapis.com/oauth2/v4/token");
List<NameValuePair> params = new ArrayList<NameValuePair>();
...............
...............

Revoking procedure:

There are 2 ways for revoking.

1. A user can revoke access by visiting Account Settings
2. It is also possible for an application to programmatically revoke the access given to it.

To programmatically revoke a token, your application makes a request to https://accounts.google.com/o/oauth2/revoke and includes the token as a parameter:

curl https://accounts.google.com/o/oauth2/revoke?token={token}

The token can be an access token or a refresh token. If the token is an access token and it has a corresponding refresh token, the refresh token will also be revoked.

N.B: If the revocation is successfully processed, then the status code of the response is 200. For error conditions, a status code 400 is returned along with an error code.

Resource Link:

1. Offline access, Using refresh token and Revoke a token