How can I handle Google Play consumable purchases on server side?

I know how to handle consumable purchases directly in my Android app using the billing API. But I’m trying to figure out if there’s a way to mark these consumable items as used from my backend server instead.

I’ve looked at the Purchase Status API which is meant for server-side validation, but it seems like it only lets me check purchase status. I don’t see any endpoints for actually consuming the purchased items.

My use case is that I want to validate and consume purchases on my server for security reasons rather than trusting the client app to do it. Has anyone managed to consume Google Play purchases from their backend? What’s the recommended approach here?

Yes, the Google Play Developer API allows for server-side consumption via the purchases.products.consume endpoint. You will need to send a POST request to https://androidpublisher.googleapis.com/androidpublisher/v3/applications/{packageName}/purchases/products/{productId}/tokens/{purchaseToken}:consume with OAuth2 authentication. I implemented this method last year for enhanced security. Make sure to validate the purchase first using the verification endpoint, and if it passes, proceed with the server-side consumption. It’s essential to have a service account set up with the Android Publisher API enabled and the appropriate OAuth configuration. Additionally, be aware that network issues may prevent purchases from being consumed despite being validated. Implementing retry logic and idempotency checks is crucial.
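The verify-then-consume flow this answer describes, with retry and an idempotency check, as an added example that is not part of the original answer. `redeem`, `call_with_retry`, the `ledger` mapping and the `transport` callable (assumed to attach the service account's OAuth2 bearer token and return `(status, json_body)`) are hypothetical names, and `FakePlay` is a constructed stand-in so the block runs offline.

```python
import time
from urllib.parse import quote

BASE = "https://androidpublisher.googleapis.com/androidpublisher/v3/applications"

def call_with_retry(transport, method, url, attempts=4, sleep=time.sleep):
    """Retry connection errors and 5xx responses with exponential backoff."""
    for i in range(attempts):
        try:
            status, body = transport(method, url)
            if status < 500:
                return status, body
        except ConnectionError:
            pass
        if i < attempts - 1:
            sleep(0.5 * 2 ** i)
    raise RuntimeError(f"{method} failed after {attempts} attempts")

def redeem(transport, ledger, package, product_id, token, sleep=time.sleep):
    """Verify, grant at most once per purchase token, then consume."""
    # GET on this URL is purchases.products.get; POST on url + ":consume" consumes.
    url = (f"{BASE}/{quote(package, safe='')}/purchases/products/"
           f"{quote(product_id, safe='')}/tokens/{quote(token, safe='')}")
    status, purchase = call_with_retry(transport, "GET", url, sleep=sleep)
    if status != 200 or purchase.get("purchaseState") != 0:  # 0 = purchased
        return "rejected"
    consumed = purchase.get("consumptionState") == 1  # 1 = consumed
    known = token in ledger
    if not known and consumed:
        return "rejected"  # consumed elsewhere; this server never granted it
    if not known:
        ledger[token] = "granted"  # the entitlement is credited here, once
    if not consumed:
        status, _ = call_with_retry(transport, "POST", url + ":consume", sleep=sleep)
        if not 200 <= status < 300:
            raise RuntimeError(f"consume returned HTTP {status}")
    ledger[token] = "consumed"
    return "already_granted" if known else "granted"

class FakePlay:
    """Constructed in-memory stand-in for the API; drops the first consume call."""
    def __init__(self):
        self.consumption_state, self.drop_next_consume = 0, True
    def __call__(self, method, url):
        if method == "POST" and url.endswith(":consume"):
            if self.drop_next_consume:
                self.drop_next_consume = False
                raise ConnectionError("constructed network failure")
            self.consumption_state = 1
            return 204, {}
        return 200, {"purchaseState": 0, "consumptionState": self.consumption_state}
```

In a real backend the `ledger` would be a database table with a unique constraint on the purchase token, so that two concurrent requests carrying the same token cannot both record a grant.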

yeah, it’s kinda a bummer but true. the server can’t directly consume those purchases, you gotta let the app do it. most just verify on server and then tell the app to handle it. it’s a bit of a hassle, but that’s how google set it up!

Interesting challenge! Have you tried the Google Play Developer API instead of just the purchase status API? I think there’s a consume endpoint in there, but I’m not completely sure. What consumables are you working with - in-game currency or something else? Also curious why you want to skip server-side validation but still consume client-side?