Why and How to connect Fovea.Billing with the Google Play Developer API.
- Get access to some extra information about transactions and subscriptions from your app:
  - has it been cancelled, what is the expiry date.
- Enhanced security.
It’s highly recommended to validate purchase details on a server that you trust. By implementing your signature verification logic on a server, you make it difficult for attackers to reverse-engineer your APK file. This preserves the integrity of the signatures that your logic checks.
Not only does Fovea’s service validate the signatures, it also takes a number of extra steps to ensure an attacker isn’t trying to unlock a product or subscription with a valid but unrelated receipt, or with one that has already been used in the past.
For additional security, we let you link your Fovea.Billing account with a Google account that has financial permissions on Google Play. Doing so allows our service to request purchase and subscription statuses using the Google Play Developer API.
This step is particularly useful because attackers cannot create mock responses to your Play Store purchase requests.
It also lets the server identify transactions that have been canceled and gives your app access to information that can be useful to display (cancelation date and reason, payment state, expiry date, etc).
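To make the signature and receipt-reuse checks described above concrete, here is an added Node.js sketch; it is not Fovea's code. The key pair, the receipt values, the `validateReceipt` function and the `claimedBy` store are constructed for illustration, and binding a purchase token to the first account that claims it is an assumption about how "already used" is decided.

```javascript
const crypto = require('node:crypto');

// Constructed stand-in for the app's Play licensing key pair. A real server
// holds only the public key (from the Play Console); Google holds the private one.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Constructed receipt using the field names of Google Play's purchase JSON.
const receiptJson = JSON.stringify({
  orderId: 'GPA.0000-0000-0000-00000',
  packageName: 'com.example.app',
  productId: 'premium_monthly',
  purchaseState: 0,
  purchaseToken: 'constructed-token-1',
});
// Google Play signs the exact JSON string with SHA1withRSA, base64-encoded.
const signature = crypto.sign('sha1', Buffer.from(receiptJson), privateKey).toString('base64');

// Hypothetical store mapping purchaseToken -> account that first claimed it.
const claimedBy = new Map();

function validateReceipt(json, sigB64, expected) {
  // 1. Verify the signature over the raw string before trusting any field.
  const sig = Buffer.from(sigB64, 'base64');
  if (!crypto.verify('sha1', Buffer.from(json), publicKey, sig)) {
    return { ok: false, reason: 'bad_signature' };
  }
  const receipt = JSON.parse(json);
  // 2. A correctly signed receipt for another app or product unlocks nothing.
  if (receipt.packageName !== expected.packageName ||
      receipt.productId !== expected.productId) {
    return { ok: false, reason: 'unrelated_receipt' };
  }
  // 3. purchaseState 0 means purchased; anything else is not a completed sale.
  if (receipt.purchaseState !== 0) return { ok: false, reason: 'not_purchased' };
  // 4. Replay check: a token already claimed by another account is refused.
  const owner = claimedBy.get(receipt.purchaseToken);
  if (owner !== undefined && owner !== expected.userId) {
    return { ok: false, reason: 'already_used' };
  }
  claimedBy.set(receipt.purchaseToken, expected.userId);
  return { ok: true, reason: null };
}
```

These checks only prove the receipt was signed at some point; whether the purchase has since been canceled or has expired can only be learned by asking Google through the Play Developer API.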
How to enable the Play Developer API?
In order for our servers to communicate with Google on your behalf you need to provide a set of service credentials.
First, your Play Developer account needs to be linked to a Google Developer Project. From there, we’ll create a service account and grant Financial permission to it. Finally, we’ll set up the service account credentials in Fovea.Billing.
It takes more than a few steps (be ready for somewhere around 10-15 minutes), but it’s worth it!
- First step, let’s go to your Google Play Console
- Select All applications > Settings
- then API access
- From the Getting started section, hit Link to connect a Google Developer Project.
- or Create a New Project if none are listed…
- From the same API access screen, select Create Service Account
- You are shown a link to the Google API Console, follow it.
- from there, + Create Service Account
- Fill in the form (set name and description to whatever suits you)
- Select the Role: Project > Owner
- then click Continue
- Create a Key > format JSON
- Click the Grant Access button next to the newly created Service Account.
- Set the Role to Finance, add the Manage orders permission.
Back in your Fovea.Billing account, copy and paste the content of the JSON document into the Android Service Account field, and Save.
It can take up to 24 hours for your Play Service Credentials to work properly with the Android Developer API.
A trick reported to force a refresh of Google’s access rights is to create a new In-App Product (which you can remove later).
The project id used to call the Google Play Developer API has not been linked in the Google Play Developer Console
Sometimes Google doesn’t apply changes you made to your account’s permissions…
- Create an In-App Product in your app, that you can delete right after.