问题
I am implementing in-app billing into an Android game and we want to use a server to store the purchase information.
According to what I understood so far, Android Market will return a callback to the app in the form of Broadcast receiver about the purchase status. But since we are persisting the transaction information on the server, my app has to make some http post request and update my server. There is a very high chance that this http post request could be imitated by some hacker manually. How do I validate that Android market receipt information from my server code?
Is there any Google checkout callback to my server available? Or is there a way to validate the IAB response provided by the http client is genuine and it is a purchase done in my app only!
On the Apple IOS IAP process, they have a validate web API @ https://sandbox.itunes.apple.com/verifyReceipt for which we can pass
req.method = URLRequestMethod.POST;
req.data = "{\"receipt-data\" : \""+ t.receipt +"\"}";
and it says if the receipt is proper or not. Do we have something like that for Android?
回答1:
Update: You can use the getPurchases() method to retrieve "un-consumed" purchases, as explained in the developer docs:
http://developer.android.com/google/play/billing/billing_reference.html#getPurchases
Original Answer (now out of date)
The Google Checkout API is deprecated. You should now use the Purchase Status API.
If you plan to use the Purchase Status API, the link above mentions these limitations:
- You can use the API to check the status of individual items only — bulk requests for order status are not supported at this time.
- You can query for the details of orders placed on or after 12 June 2013, but not for orders placed earlier.
- You can query purchases of any item type made with the In-app Billing v3 API, or purchases of managed items made with In-app Billing v1 and v2. You can not use the Purchase Status API to query purchases of unmanaged items made with In-app Billing v1 or v2.
回答2:
EDIT: this answer is obsolete, see Dan J's answer.
There's no callback, but Google Checkout has an API. Your answers are here.
回答3:
This is an old post, but I hope to help others.
There is a way to validate purchases from server side, you have to use this rest API.
https://developers.google.com/android-publisher/api-ref/purchases/products/get
来源:https://stackoverflow.com/questions/8384246/how-do-we-verify-android-in-app-billing-receipt-on-the-server-side