Google Play provides an HTTP-based Purchase Status API that lets you remotely query the status of a specific in-app product or subscription, or cancel an active subscription. The API is designed to be used from your backend servers as a way of securely managing in-app products and subscriptions, as well as extending and integrating them with other services.
With the Purchase Status API you can quickly retrieve the details of any purchase using a standard GET request. In the request you supply information about the purchase — app package name, purchase or subscription ID, and the purchase token. The server responds with a JSON object describing the associated purchase details, order status, developer payload, and other information.
You can use the Purchase Status API in several ways, such as for reporting and reconciliation of individual orders and for verifying purchases and subscription expirations. You can also use the API to learn about cancelled orders and confirm whether in-app products have been consumed, including whether they were consumed before being cancelled.
For subscriptions, in addition to querying for order status and expiration, you can use the Purchase Status API to remotely cancel a subscription. This is a convenient way to manage cancellations on behalf of customers, without requiring them to manage the cancellation themselves on their Android devices.
If you plan to use the Purchase Status API, keep in mind that:
The Purchase Status API is part of the Google Play Android Developer API v1.1, available through the Google Cloud Console. The new version of the API supersedes the v1 API, which is deprecated. If you are using the v1 API, please migrate your operations to the v1.1 API as soon as possible.
To use the API, you must first register a project at the Google Cloud Console and receive a Client ID and shared secret that your app will present when calling the API. All calls are authenticated with OAuth 2.0.
Once your app is registered, you can access the API directly, using standard HTTP methods to retrieve and manipulate resources. The API is built on a RESTful design that uses HTTP and JSON. so any standard web stack can send requests and parse the responses. However, if you don’t want to send HTTP requests and parse responses manually, you can access the API using the Google APIs Client Libraries, which provide better language integration, improved security, and support for making calls that require user authorization.
For more information about the API and how to access it through the Google APIs Client Libraries, see the documentation at:
https://developers. google.com/android-publisher/v1_1/
Applications using the Google Play Android Developer API are limited to an initial courtesy usage quota of 200,000 requests per day (per application). This should provide enough access for normal subscription-validation needs, assuming that you follow the recommendation in this section.
If you need to request a higher limit for your application, see the instructions in the Google Cloud Console Help. Also, please read the section below on design best practices for minimizing your use of the API.
Calls to the Google Play Android Developer API require authorization. Google uses the OAuth 2.0 protocol to allow authorized applications to access user data. To learn more, see Authorization in the Google Play Android Developer API documentation.
In a typical scenario, your app verifies the order status for new purchases to ensure that they are valid before granting access to the purchased content.
To verify a purchase, the app passes the purchase token and other details up to your backend servers, which verifies them directly with Google Play using the Purchase Status API. For security reasons, the app should not normally attempt to verify the purchase itself using the Purchase Status API.
If the backend server determines that the purchase is valid, it notifies the app and grants access to the content. For improved performance, the backend servers should store the purchase details and order status in a local database, updated at intervals or as-needed.
Keep in mind that users will want the ability to use your app at any time, including when there may be no network connection available. Make sure that your approach to purchase verification accounts for the offline use-case.
Access to the Google Play Android Developer API is regulated to help ensure a high-performance environment for all applications that use it. While you can request a higher daily quota for your application, we highly recommend that you minimize your access using the techniques below.
By following those general guidelines, your implementation will offer the best possible performance for users and minimize use of the Google Play Android Developer API.