Support Topics Documentation Slack YouTube Blog

How to validate in-app purchase for android

Hi,

How to validate in-app purchase for android and store that flag in user table?

I see a section in the backendless account:

but could not find any documentation for that.

Earlier you have provided the link (on the forum) regarding that question:
https://backendless.com/developers/utilities/android/ut_google_play_purchase_validatio.htm

But I cannot find any document by this link at the moment.

Thank you in advance.

Possibly the doc page described this functionality was lost. We’ll try to find it out.
In short: you should use methods from the android-sdk:

Backendless.Commerce.
cancelPlaySubscription
getPlaySubscriptionsStatus
validatePlayPurchase

Dear Oleg,

thank you for the reply.

Would be nice to see that document as from the source code of Backendless.Commerce I cannot
clear to understand the usage.

It turned out that now I should not setup anything in backendless account?

No, you have to point your developer email as well as the developer key.
The channel can be any, or just choose “all”.
Could you try with your test app?

Dear Oleg,

I will check that in next days.
But it looks like that it’s possible to validate the purchase via android sdk
inside the android app and store that index in user property (also from
client-android code)

But I have two questions in this case:

  1. In order to define the purchased users (only on the server) I need to write a service?,
    which will be triggered when new user added and that server will ask the google
    about purchase and store result information in user table. Right?
    Reason: we want to move the code for purchase validation outside the client android code
    in order that part cannot be hacked from client code.

  2. for every file and folder in Files, it’s possible to setup Permissions.
    Permissions can be changed directly in backendless account or from the client code.
    For example, we want to allow “delete” and “update” certain files only for the user,
    who created that file. But others can only read.

It can be done from android code (if allow permission “Permission” for “AuthenticatedUser”).
But in this case some AuthenticatedUser can allow “update” and “delete” permissions for himself for all files directly from the android app (and finally delete all of them).

Reason: to create a code on the server, which check some users properties (permissions) before
doing some actions. For example: delete and update the file, only if the file was created by this user.

Thank you in advance for your answers.
It helps me to understand how we can meet our requirements with Backendless service.