Tutorial Backend API Setup
Tobias Strebitzer edited this page Jun 27, 2015 · 1 revision
Documentation of API requests:
# API CALL #1 - Fetch Purchases from backend
# REQUEST:
# - GET /android/purchases/:app_id/:user_id
# PARAMS:
# - requires "user_id", type: String, regexp: /[a-zA-Z0-9_.\-@+]*/, desc: "Android device/user id (e.g. com.google_tobias.strebitzer@gmail.com)"
# - requires "app_id", type: String, regexp: /[a-zA-Z0-9_.\-]*/, desc: "Magazine App id (e.g. com.bakerframework.magazine)"
# DESCRIPTION:
# - Fetch all purchased issues (single issue purchase) and subscription information
# - This request is sent when the app launches, and whenever the issue shelf refreshes
# LOGIC:
# - First, create an empty array of strings ($issue_id_array) that will be filled with purchased issue product ids.
# - Next, check if there is any active subscription available for this user_id and app_id. If so, append all issue ids within the subscription period to $issue_id_array
# - Next, fetch all individual issue purchases that have been made for this user_id and app_id. Append them to $issue_id_array
# - Finally, return a JSON response as below
# RESPONSE:
# - JSON: {"issues":["issue_product_id_1","issue_product_id_2"],"subscribed":true}
# API CALL #2 - Verify purchase receipts and register purchased issues/subscriptions
# REQUEST:
# - POST /android/verify_multi/:app_id/:user_id
# PARAMS:
# - requires "purchases", type: Array, desc: "Array containing purchase information from Google Play"
# - > requires "data", type: String, desc: "Product data"
# - > requires "order_id", type: String, desc: "Product order id"
# - > requires "package_name", type: String, desc: "Product package name / app_id"
# - > requires "payload", type: String, desc: "Product payload"
# - > requires "signature", type: String, desc: "Product signature"
# - > requires "sku", type: String, desc: "Product sku"
# - > requires "state", type: String, desc: "Product state"
# - > requires "token", type: String, desc: "Product token"
# - > requires "time", type: Integer, desc: "Product time"
# - > requires "purchase_type", type: String, desc: "Purchase type", values: ["product", "subscription"]
# - requires "user_id", type: String, regexp: /[a-zA-Z0-9_.\-@+]*/, desc: "Android device/user id (e.g. com.google_tobias.strebitzer@gmail.com)"
# - requires "app_id", type: String, regexp: /[a-zA-Z0-9_.\-]*/, desc: "Magazine App id (e.g. com.bakerframework.magazine)"
# DESCRIPTION:
# - Verify purchases made from Google Play with the backend
# - This request is sent when the app launches, and whenever the issue shelf refreshes
# - The backend should verify and store the receipt information and register receipts and purchases in the database
# LOGIC:
# - First, verify the receipt information by testing signature and payload
# - Store the purchase information (= receipt data) in the database
# - Find the related issues or subscriptions and unlock them for the provided user_id (e.g. tables "purchased_issues", "purchased_subscriptions")
# - Finally, return a JSON response as below
# RESPONSE:
# - STATUS 204 (Success, no body)
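Code sample for verification (Ruby):
require 'openssl'
require 'base64'
public_key = OpenSSL::PKey::RSA.new(Base64.decode64(self.publication.google_play_license_key)) # Base64-encoded license key of the app
verified = public_key.verify(OpenSSL::Digest::SHA1.new, Base64.decode64(receipt.signature), receipt.data) # true only if the signature covers receipt.data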
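The sample above only checks the signature. The following added example (not part of the original page or the Baker project) extends it to the "signature and payload" step of API call #2. It assumes "data" is Google Play's signed purchase JSON with the fields packageName, productId, developerPayload and purchaseState; verify_purchase, expected_payload and the demo key and receipt are hypothetical names and constructed values.

```ruby
require 'openssl'
require 'base64'
require 'json'

# Returns the parsed, signed purchase data when the receipt is authentic and
# matches the request, otherwise nil. Only fields inside the signed "data"
# string are trusted; sibling params (sku, package_name, payload, ...) are
# client-supplied copies and are only compared against it.
def verify_purchase(license_key_b64, purchase, app_id, expected_payload)
  key = OpenSSL::PKey::RSA.new(Base64.strict_decode64(license_key_b64))
  sig = Base64.strict_decode64(purchase.fetch('signature'))
  data = purchase.fetch('data')
  return nil unless key.verify(OpenSSL::Digest::SHA1.new, sig, data)

  signed = JSON.parse(data)
  return nil unless signed['packageName'] == app_id          # receipt belongs to this app
  return nil unless signed['productId'] == purchase['sku']   # sku param agrees with signed data
  return nil unless signed['developerPayload'] == expected_payload
  return nil unless signed['purchaseState'] == 0             # assumption: 0 means "purchased"
  signed
rescue ArgumentError, KeyError, TypeError, JSON::ParserError, OpenSSL::PKey::PKeyError
  nil # malformed base64, missing field, bad JSON or bad key: treat as unverified
end

# Constructed demo input: a throwaway key pair stands in for Google Play's key.
DEMO_KEY = OpenSSL::PKey::RSA.new(2048)
DEMO_LICENSE_KEY = Base64.strict_encode64(DEMO_KEY.public_key.to_der)
DEMO_DATA = JSON.generate(
  'orderId' => 'DEMO-ORDER-1', 'packageName' => 'com.bakerframework.magazine',
  'productId' => 'issue_product_id_1', 'purchaseState' => 0,
  'developerPayload' => 'demo-payload'
)

# Builds one entry of the "purchases" array; the signature always covers DEMO_DATA.
def demo_purchase(data = DEMO_DATA, sku = 'issue_product_id_1')
  { 'data' => data, 'sku' => sku,
    'signature' => Base64.strict_encode64(DEMO_KEY.sign(OpenSSL::Digest::SHA1.new, DEMO_DATA)) }
end
```

When storing the verified receipt, a uniqueness constraint on the signed orderId or purchaseToken keeps the same receipt from being registered twice.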