Google Play In App Purchase Validation in Node.js
How to validate in-app purchases server side for Google Play apps
--
Introduction
In-app purchase validation is a critical task that every app supporting purchases and subscriptions should implement as a means to prove the integrity of purchase tokens and transaction records. It can be used to validate a newly created transaction, or to check that a subscription is still active.
An in-app purchase is initiated on a user’s device; the user authenticates a purchase which is then processed on Google servers, and a successful response should be sent back to the user’s device.
It is with this successful response that a purchaseToken is provided — a unique string that acts as a receipt of the purchase. In order to validate a purchase with Google Billing at any time in the future, the purchaseToken must be supplied to the API calls discussed further down.
Needless to say, the purchaseToken should be securely persisted in your database and associated with a particular user of your app, otherwise it would not be possible to validate any purchases made by that user.
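The server-side handling described above, as an added example that is not code from this article or from any package it uses: a purchase is recorded only after validation succeeds, and a purchaseToken stays bound to the first user who presented it. PurchaseStore, processPurchase and the verify() callback are hypothetical names, verify() stands in for the real validation call, and all sample values are constructed.

```javascript
// Added illustration. PurchaseStore, processPurchase and the verify() callback
// are hypothetical names; verify() stands in for the real validation call.
class PurchaseStore {
  // In-memory stand-in for a table with a UNIQUE constraint on purchaseToken.
  constructor() { this.byToken = new Map(); }
  find(token) { return this.byToken.get(token); }
  insert(record) { this.byToken.set(record.purchaseToken, record); }
}

async function processPurchase({ store, verify, packageName }, userId, body) {
  const { purchaseToken, productId } = body || {};
  const isStr = (v) => typeof v === 'string' && v.length > 0;
  if (!isStr(userId) || !isStr(purchaseToken) || !isStr(productId)) {
    return { granted: false, reason: 'malformed-request' };
  }
  const existing = store.find(purchaseToken);
  if (existing) {
    // A retry from the same user is idempotent; any other reuse is refused.
    const same = existing.userId === userId && existing.productId === productId;
    return same ? { granted: true, reason: 'already-recorded' }
                : { granted: false, reason: 'token-already-claimed' };
  }
  let valid = false;
  try {
    valid = (await verify({ packageName, productId, purchaseToken })) === true;
  } catch (err) {
    valid = false; // fail closed if the validation call errors
  }
  if (!valid) return { granted: false, reason: 'validation-failed' };
  store.insert({ purchaseToken, productId, userId, validatedAt: new Date().toISOString() });
  return { granted: true, reason: 'recorded' };
}

// Constructed sample data: the fake verifier accepts exactly one token/product pair.
async function demo() {
  const verify = async (r) => r.purchaseToken === 'constructed-token-1' && r.productId === 'coins_100';
  const deps = { store: new PurchaseStore(), verify, packageName: 'com.example.app' };
  const good = { purchaseToken: 'constructed-token-1', productId: 'coins_100' };
  return [
    await processPurchase(deps, 'alice', { purchaseToken: 'forged', productId: 'coins_100' }),
    await processPurchase(deps, 'alice', good),
    await processPurchase(deps, 'alice', good),
    await processPurchase(deps, 'bob', good),
  ].map((r) => r.reason);
}
```

With a real database, let the unique constraint on purchaseToken decide the winner of two concurrent requests instead of relying on the find-then-insert sequence.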
This article will explain the setup process of validating Google Play in-app purchases. It is split into two parts:
- Part 1: Walking through the process of setting up the necessary credentials on Google Cloud Platform and Google Play Console for in-app purchase receipt validation. This entails a Service Account with access to Google Play developer services in order to read in-app purchase history, which falls under the financial data umbrella of permissions.
- Part 2 will demonstrate how to integrate the google-play-billing-validator package in a Node.js environment in order to validate receipts server side at any time. Both a purchaseToken and productId need to be provided, along with your App ID, to successfully validate an in-app purchase or subscription.
Note that google-play-billing-validator (or other means of validation) should also be used in the initial transaction processing stage after a purchaseToken is generated and sent to your endpoint that processes successful in-app purchases. This initial…