Google Play In App Purchase Validation in Node.js

How to validate in-app purchases server side for Google Play apps

Ross Bulat

--

Introduction

In-app purchase validation is a critical task that every app supporting purchases and subscription should implement as a means to prove the integrity of purchase tokens and transaction records. Validation can be used to validate a newly created transaction or validate a subscription to check it is still active.

An in-app purchase is initiated on a user’s device; the user authenticates a purchase which is then processed on Google servers, and a successful response should be sent back to the user’s device.

It is with this successful response that a purchaseToken is provided — a unique string that acts as a receipt of the purchase. In order to validate a purchase with Google Billing at any time in the future, the purchaseToken must be supplied to such API calls, that will be discussed further down.

Needless to say, the purchaseToken should be securely persisted in your database and associated with a particular user of your app, otherwise it would not be possible to validate any purchases made by that user.

This article will explain the setup process of validating Google Play in-app purchases. It is split into two parts:

  • Part 1: Walking through the process of setting up the necessary credentials on Google Cloud Platform and Google Play Console for in-app purchase receipt validation. This entails a Service Account with access to Google Play developer services to access in-app purchase history, that exists under the financial data umbrella of permissions.
  • Part 2 will demonstrate how to integrate the google-play-billing-validator package in a Node.js environment in order to validate receipts server side on your server at any time. Both a purchaseToken and productId need to be provided, along with your App ID, to successfully validate an in-app purchase or subscription.

Note that google-play-billing-validator (or other means of validation) should also be used in the initial transaction processing stage after a purchaseToken is generated and sent to your endpoint that processes successful in-app purchases. This initial…

--

--

Ross Bulat

Programmer and Author. @ Parity Technologies, JKRB Investments