我们如何验证服务器端的Android应用内结算收据? [英] How do we verify Android in-app billing receipt on the server side?
问题描述
我正在为Android游戏实施应用内结算,我们希望使用服务器来存储购买信息。
I am implementing in-app billing into an Android game and we want to use a server to store the purchase information.
根据我的理解,到目前为止, Android Market将以广播接收器的形式向应用程序返回有关购买状态的回调。但由于我们在服务器上持久保存交易信息,我的应用程序必须发出一些http post请求并更新我的服务器。这个http发布请求很有可能被一些黑客手动模仿。如何从我的服务器代码验证Android市场收据信息?
According to what I understood so far, Android Market will return a callback to the app in the form of Broadcast receiver about the purchase status. But since we are persisting the transaction information on the server, my app has to make some http post request and update my server. There is a very high chance that this http post request could be imitated by some hacker manually. How do I validate that Android market receipt information from my server code?
我的服务器是否有可用的Google结账回调?或者有没有办法验证http客户端提供的IAB响应是否为正版,而且只在我的应用中完成购买!
Is there any Google checkout callback to my server available? Or is there a way to validate the IAB response provided by the http client is genuine and it is a purchase done in my app only!
在Apple IOS IAP流程中, 他们有验证网络API @ https://sandbox.itunes.apple.com/verifyReceipt 我们可以通过
On the Apple IOS IAP process, they have a validate web API @ https://sandbox.itunes.apple.com/verifyReceipt for which we can pass
req.method = URLRequestMethod.POST;
req.data = "{\"receipt-data\" : \""+ t.receipt +"\"}";
并说明收据是否合适。我们有类似Android的东西吗?
and it says if the receipt is proper or not. Do we have something like that for Android?
推荐答案
更新:您可以使用 getPurchases()检索未消费购买的方法,如开发人员文档中所述:
http://developer.android.com/google/play/billing/billing_reference.html#getPurchases
Update: You can use the getPurchases() method to retrieve "un-consumed" purchases, as explained in the developer docs:
http://developer.android.com/google/play/billing/billing_reference.html#getPurchases
原始答案(现已过期)
不推荐使用Google Checkout API。您现在应该使用Purchase Status API。
The Google Checkout API is deprecated. You should now use the Purchase Status API.
如果您打算使用Purchase Status API,上面的链接会提到这些限制:
If you plan to use the Purchase Status API, the link above mentions these limitations:
- 您可以使用API仅检查单个项目的状态 - 目前不支持批量订单状态请求。
- 您可以查询2013年6月12日或之后下订单的详细信息,但不能查询之前订单的详细信息。
- 您可以查询使用应用内结算v3制作的任何商品类型的购买API或使用应用内结算v1和v2制作的托管项目的购买。您无法使用Purchase Status API查询使用应用内结算v1或v2进行的非托管项目的购买。
这篇关于我们如何验证服务器端的Android应用内结算收据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
