I have made an Android app where items can be purchased using in-app-billing. When an item is purchased the transaction can easily be synced between Android Market and the phone - to be used in the app. But, I need MY server to be aware of the purchase. The decision to deliver app-specific data should be made on my server, not in the client app.
E.g.
Q: How do I verify that transaction data coming from the Android client (presumably originating from Google servers) is not fake? I.e. a hacker didn't generate the data.
Google Server -> Android client -> My server -> Android client
Perhaps this is more of a PHP question than anything else. Exactly what should my server script (PHP) do in order to verify that the retrieved data is real?
Go get a google api client library for your server platform from https://developers.google.com/api-client-library. Use your particular platform's client library to build a service interface and directly read the result of your purchase verification.
It should be noted that server validation isn't mandatory — in-app purchases will still work without it. It grants some advantages, though: Advanced payment analytics, which is especially important for subscriptions since everything that happens after the activation isn't processed by the device.
Simply create a Signed APK and publish it to the Play Store, then wait for it to be accepted. After that, all we have to do is set up the card and buy it. That's it for this article, hope you get the exact idea on how to implement in-app purchases in your app and start earning!
The In-app Billing Version 3 API makes it easier for you to integrate In-app Billing into your applications. The features in this version include improved synchronous purchase flow, APIs to let you easily track ownership of consumable goods, and local caching of in-app purchase data.
Use openssl_verify ($data, $signature, $key)
The variables $data and $signature should be sent from the android client to your php server using https. The transaction contains both of these items. Send that to your servers before you acknowledge the transaction on the client.(see documentation here - http://developer.android.com/guide/market/billing/billing_integrate.html)
The variable $key is your google public key available from your publisher account from the Licensing & In-app Billing panel. Copy the public key and use that in your php code, preferably using a config file you install on your servers rather than in your actual php code.
If the openssl_verify call succeeds you should store the order numbers on your servers and ensure they are unique so they cannot be replayed. Be aware that a single data receipt and signature pair could contain many order numbers though its usually one order.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With