©Nobuyori Takahashi < voltrue2@yahoo.com >
A node.js module for in-app purchase (in-app billing) for Apple, Google Play, Amazon Store, Roku, and Windows.
It supports Unity receipt also: Unity Documentation
0.12.0 >=
npm install in-app-purchase
The module supports both Promise and callbacks.
var iap = require('in-app-purchase');
iap.config({
/* Configurations for Amazon Store */
amazonAPIVersion: 2, // tells the module to use API version 2
secret: 'abcdefghijklmnoporstuvwxyz', // this comes from Amazon
/* Configurations for Apple */
applePassword: 'abcdefg...', // this comes from iTunes Connect (You need this to valiate subscriptions)
/* Configurations for Google Play */
googlePublicKeyPath: 'path/to/public/key/directory/' // this is the path to the directory containing iap-sanbox/iap-live files
googleAccToken: 'abcdef...', // optional, for Google Play subscriptions
googleRefToken: 'dddd...', // optional, for Google Play subscritions
googleClientID: 'aaaa', // optional, for Google Play subscriptions
googleClientSecret: 'bbbb', // optional, for Google Play subscriptions
/* Configurations for Roku */
rokuApiKey: 'aaaa...', // this comes from Roku Developer Dashboard
/* Configurations all platforms */
test: true, // For Apple and Googl Play to force Sandbox validation only
verbose: true // Output debug logs to stdout stream
});
iap.setup()
.then(() => {
// iap.validate(...) automatically detects what type of receipt you are trying to validate
iap.validate(receipt).then(onSuccess).catch(onError);
})
.catch((error) => {
// error...
});
function onSuccess(receipt, validatedData) {
// receipt: it is the receipt that was validated...
// validatedData: the actual content of the validated receipt
var options = {
ignoreCanceled: true, // Apple ONLY (for now...): purchaseData will NOT contain cancceled items
ignoreExpired: true // purchaseData will NOT contain exipired subscription items
};
var purchaseData = iap.getPurchaseData(validateData, options);
}
function onError(error) {
// failed to validate the receipt...
}You may feed different Google public key or Apple password etc to validate receipts of different applications with the same code:
NOTE Google subscription is NOT supported.
iap.config(configObject);
iap.setup()
.then(() => {
iap.validateOnce(receipt, pubKeyString).then(onSuccess).catch(onError);
})
.catch((error) => {
// error...
});iap.config(configObject);
iap.setup()
.then(() => {
iap.validateOnce(receipt, appleSecretString).then(onSuccess).catch(onError);
})
.catch((error) => {
// error...
});iap.config(configObject);
iap.setup()
.then(() => {
iap.validateOnce(receipt, amazonSecretString).then(onSuccess).catch(onError);
})
.catch((error) => {
// error...
});iap.config(configObject);
iap.setup()
.then(() => {
iap.validateOnce(receipt, rokuApiKeyString).then(onSuccess).catch(onError);
})
.catch((error) => {
// error...
});You may not want to keep the public key files on your server(s).
The module also supports environment variables for this.
Instead of using googlePublicKeyPath: 'path/to...' in your configurations, you the following:
export=GOOGLE_IAB_PUBLICKEY_LIVE=PublicKeyHerePlz
export=GOOGLE_IAB_PUBLICKEY_SANDBOX=PublicKeyHerePlz
To set up your server-side Android in-app-billing correctly, you must provide the public key string as a file from your Developer Console account.
Reference: Implementing In-app Billing
Once you copy the public key string from the Developer Console account for your application, you simply need to copy and paste it to a file and name it iap-live as shown in the example above.
NOTE: The public key string you copy from the Developer Console account is actually a base64 string. You do NOT have to convert this to anything yourself. The module converts it to the public key automatically for you.
To check expiration date or auto renewal status of an Android subscription, you should first setup the access to the Google Play Store API. You should follow these steps:
- Go to https://play.google.com/apps/publish/
- Click on
Settings - Click on
API Access - There should be a linked project already, if not, create one. If you have it, click it.
- You should now be at: https://console.developers.google.com/apis/library?project=xxxx
- Under Mobile API's, make sure "Google Play Developer API is enabled".
- Go back, on the left click on
Credentials - Click
Create Credentialsbutton - Choose
OAuth Client ID - Choose
Web Application
- Give it a name, skip the
Authorized JS origins - Aadd this to
Authorized Redirect URIs: https://developers.google.com/oauthplayground - Hit Save and copy the clientID and clientSecret somewhere safe.
- Go to: https://developers.google.com/oauthplayground
- On the right, hit the gear/settings.
- Check the box:
Use your own OAuth credentials- Enter in clientID and clientSecret
- Close
- On the left, find "Google Play Developer API v2"
- Hit Authorize Api's button
- Save
Authorization Code
- This is your: googleAccToken
- Hit
Exchange Authorization code for token - Grab:
Refresh Token
- This is your: googleRefToken
Now you are able to query for Android subscription status!
https://developer.amazon.com/appsandservices/apis/earn/in-app-purchasing/docs/rvs
in-app-purchase module supports the following algorithms:
-
Exclusive Canonicalization http://www.w3.org/2001/10/xml-exc-c14n#
-
Exclusive Canonicalization with comments http://www.w3.org/2001/10/xml-exc-c14n#WithComments
-
Enveloped Signature transform http://www.w3.org/2000/09/xmldsig#enveloped-signature
-
SHA1 digests http://www.w3.org/2000/09/xmldsig#sha1
-
SHA256 digests http://www.w3.org/2001/04/xmlenc#sha256
-
SHA512 digests http://www.w3.org/2001/04/xmlenc#sha512