Check and verify in-app receipts from the AppStore and the PlayStore.
gem install candy_checkThis gem tries to simplify the process of server-side in-app purchase validation for Apple's AppStore and Google's PlayStore.
If you have set up an iOS app and its in-app items correctly and the in-app store is working your app should receive a
SKPaymentTransaction. Currently this gem assumes that you use the old transactionReceipt
which is returned per transaction. The transactionReceipt is a base64 encoded binary blob which you should send to your
server for the validation process.
To validate a receipt one normally has to choose between the two different endpoints "production" and "sandbox" which are provided from Apple. During development your app gets receipts from the sandbox while when released from the production system. A special case is the review process because the review team uses the release version of your app but processes payment against the sandbox. Only for receipts that contain auto-renewable subscriptions you need your app's shared secret (a hexadecimal string),
Please keep in mind that you have to use test user account from the iTunes connect portal to test in-app purchases during your app's development.
Google's PlayStore has different kind of server-to-server API to check purchases and requires that you register a so called "service account". You have to register a new account by yourself, export the generated certificate file and grant the correct permissions to the account for your app using the Google Developer Console.
Further more this gem uses the official Ruby SDK for the API interactions
which suggest to use a locally cached service discovery. If you don't omit the cache_file configuration this is done
automatically.
If you have set up the Android app correctly you should get a purchaseToken per purchased item. You should use this string in combination with packageName and productId
to verify the purchase.
First you should initialize a verifier instance for your application:
config = CandyCheck::AppStore::Config.new(
environment: :production # or :sandbox
)
verifier = CandyCheck::AppStore::Verifier.new(config)For the AppStore the client should deliver a base64 encoded receipt data string which can be verified by using the following call:
verifier.verify(your_receipt_data) # => Receipt or VerificationFailure
# or by using a shared secret for subscriptions
verifier.verify(your_receipt_data, your_secret)Please see the class documenations CandyCheck::AppStore::Receipt and CandyCheck::AppStore::VerificationFailure for further details about the responses.
First initialize and boot a verifier instance for your application. This loads the API discovery and
fetches the needed OAuth access token. When configuring a cache_file the discovery is loaded (or dumped) to
this file:
config = CandyCheck::PlayStore::Config.new(
application_name: 'YourApplication',
application_version: '1.0',
issuer: '[email protected]',
key_file: 'local/google.p12',
key_secret: 'notasecret',
cache_file: 'tmp/candy_check_play_store_cache'
)
verifier = CandyCheck::PlayStore::Verifier.new(config)
verifier.boot!For the PlayStore your client should deliver the purchases token, package name and product id:
verifier.verify(package, product_id, token) # => Receipt or VerificationFailurePlease see the class documenations CandyCheck::PlayStore::Receipt and CandyCheck::PlayStore::VerificationFailure for further details about the responses.
This gem ships with an executable to verify in-app purchases directly from your terminal:
You only need to specify the base64 encoded receipt:
$ candy_check app_store RECEIPT_DATASee all options:
$ candy_check help app_storeFor the PlayStore you need to specify at least the issuer, the key file, your package name, the product and the actual purchase token:
$ candy_check play_store PACKAGE PRODUCT_ID TOKEN --issuer=ISSUER --key-file=KEY_FILESee all options:
$ candy_check help play_store- Allow using the combined StoreKit receipt data
- Find a ways to run integration tests
Please submit them here https://github.com/jnbt/candy_check/issues
Simple run
rakeCopyright © 2016 Jonas Thiel. See LICENSE.txt for details.