IAP Reference Server API - ONE-store/inapp-sdk-eng GitHub Wiki
< NOTE >
This documents are for ONE store IAP SDK v16(API v4). If you are looking for the latest version of ONE store IAP SDK v17(API v5), please refer to the url below:
URL for the latest documents and downloads of ONE store IAP SDK v17(API v5) : https://dev.onestore.co.kr/devpoc/reference/view/IAP_v17
ONE store provides two types of the server API to allow you to check if the user has legitimately purchased the items.
This API intends to check the In-App purchase history of the user by using the TID issued at the time of purchase request by the developer.
This API allows you to verity if TxID and receipt is issued in the IAP server via the verification server and to identify if the purchase history exists by using the TxID and receipt issued at the time of purchase completion by ONE store. (This feature is provided in the SDK, however a serer-to-server call is recommended if there is a separate developer server.)
This API checks the purchase history by using as a key the TID, which is generated at the time of purchase request (sendPaymentRequest) and sent by the developer.
Notice
- It is recommended to use the e-receipt verification API if the App server is not run.
- The developer is required to manage the TID value as a unique value.
- In case the purchase requests are made using a duplicate TID, the TID is assigned to the latest purchase request and it is not available to check the previous purchase history.
Request URI
| Type | URI |
|---|---|
| For ‘Commercialize’ | http://iap.tstore.co.kr:8090/billIntf/billinglog/billloginquiry.action |
| For ‘Develop’ | http://iapdev.tstore.co.kr:8082/billIntf/billinglog/billloginquiry.action |
Reference
| Parameter | Limit | sample | Description |
|---|---|---|---|
| DATE | 8 | 20161130 | This is the product purchase date |
| APPID | 10 | OA00012345 | This is the Application ID |
| TIDCNT | 2 | 20 | This indicates the number of TIDs used for checking payment information. Up to 20 inquiries can be checked |
| TID | 100 | `TIDCNT=2&TID=12313 | 12324` |
Up to 20 TIDs can be requested according to the number of
TIDCNT, and the TIDs are differentiated using ‘|’.
Sample
- Example: request to IAP Server for development
http://iapdev.tstore.co.kr:8082/billIntf/billinglog/billloginquiry.action?DATE=20160715&APPID=OA00027256&TIDCNT=2&TID=12313|12324- Example: request to IAP Server for commercial use
http://iap.tstore.co.kr:8090/billIntf/billinglog/billloginquiry.action?DATE=20160715&APPID=OA00027256&TIDCNT=2&TID=12313|12324Reference
| Parameter | Limit | sample | Description |
|---|---|---|---|
| type | BillingLog |
This is fixed to BillingLog value |
|
| result | - | This is the tag for the payment information group | |
| status | 4 | <status>0</status> |
This is the code for the payment information inquiry result |
| detail | 4 | <detail>0000</detail> |
This is the detailed code for the payment information inquiry result |
| message | - | <message>It is successfully checked.</message> |
This is the message of the payment information inquiry result |
| appid | 10 | <appid>OA00027256</appid> |
This is the AID |
| count | 2 | <count>20</count> |
This is the number of confirmed payment information |
| billing_log | - |
<billing_log><item>... </item></billing_log>
|
This is the collection of individual payment history information confirmed in the IAP Server. Multiple elements are included |
| Item | - |
<item> <tid>...</tid> <product_id>...</product_id></item>
|
This is the individual payment item provided as Billing log. The following sub-elements are included to describe the detailed payment history |
| tid | 100 | <tid>201012226_01047637315_00000239</tid> |
This is the TID |
| product_id | 10 | <product_id>0000044056</product_id> |
This is the In-App product ID |
| log_time | 10 | <log_time>20101227103643</log_time> |
This is the time of product purchase |
| charging_id | 11 | <charging_id>11111111111</charging_id > |
This is the payment success code (fixed value) |
| charge_amount | 7 | <charge_amount>300000</charge_amount> |
This is the price of product |
| detail_pname | 100 | <detail_pname>product name</detail_pname> |
This value is returned when a detailed product name (product_name) is entered at the time of purchase request. If no value is selected and entered, ‘X’ is set by default |
| bp_info | 1024 | utm_source=onestore&utm_medium=iap&utm_campaign=20160325_promotion |
This is the information for the developer’s Application server to confirm |
| tcash_flag | 1 | <tcash_flag>N</tcash_flag> |
This is the T-store Cash availability |
Status
| Code | Description |
|---|---|
| 0 | Success |
| 9 | ‘No inquiry result’ or ‘Error in parameter and system’ |
Detail
| Code | Description |
|---|---|
| 0000 | Success |
| 1000 | Error in required parameters |
| 2000 | Undefined request |
| 3000 | Error in the number of requests |
| 9100 | No payment information inquiry result |
| 9200 | Exceeds the maximum number of requests (20) |
| 9999 | Sytem error |
This API can verify an e-receipt whichi is issued after an In-App product is purchased. It can send a request to and receive a response from the App2Server through the SDK. When it comes to the e-receipt verification, you are allowed only to check the verification histoy within 10 minutes after the completion of purchase. Currently, only a single inquiry is available.
Built-in Model
As for the Built-in Model that works without connecting to the server, you receive a notification of payment completion via the IAP library within the App. You can confirm if the payment of the corresponding product is successfully completed in the IAP server through the following connection flow before issuing items (including granding permission).
Line: required
Dotted line: optional
Server to Server
For the product connected to the server, the server-to-server feature is provided to request the verification of the e-receipt, which is issued through connecting with the IAP server in the App server. The following scenario is an example, and the feature can be properly implemented depending on the App service scenario.
Line: required
Dotted line: optional
The request data has the JSON format, and detailed specifications are as follows:
Request URI
| Type | URI |
|---|---|
| For ‘Commercialize’ | https://iap.tstore.co.kr/digitalsignconfirm.iap |
| For ‘Develop’ | https://iapdev.tstore.co.kr/digitalsignconfirm.iap |
Reference
| Parameter | Type | Mandatory | Limit | sample | Description |
|---|---|---|---|---|---|
| txid | String | M | 40 | TSTOREXXXX_20150515102510XXXXXXXXXXXXXXX |
This is the receipt number |
| appid | String | M | 10 | OA00012345 |
This is the AID |
| signdata | String | M | ~5kb | - | This is the e-Receipt data |
Sample
{
"txid":"TSTORE0004_20150515102510XXXXXXXXXXXXXXX",
"appid":"OA00012345",
"signdata":"MIIH7QYJKoZIhvcNAQcCoIIH3jCCB9oCAQExDzANBglghkgBZQMEAMIIH7QYJKdDFDFFEFEFEFoZIhvcNAQcCoIIH3jCCB9oCAQExDzANBglghkgBZQMEA"
} The IAP server verifies the e-receipt included in the request protocol, converts result values into the JSON data and passes the JSON data to those who made the verification request.
Reference
| Parameter | Type | Mandatory | Limit | sample | Description |
|---|---|---|---|---|---|
| status | Number | M | 1 | 0 |
This is the return code for verification result |
| detail | String | M | 4 | 0000 |
This is the detailed code for verification result |
| message | String | M | - | Successfully verified |
This is the message of verification result |
| count | Number | O | 1 | 1 | This is the number of checked products. Currently the products can be checked one-by-one. |
| product | Array | O | - | - | This is the purchased product information(if successful,require) |
Product
| Parameter | Type | Mandatory | Limit | sample | Description |
|---|---|---|---|---|---|
| log_time | String | M | 14 | 20160321154451 |
This is the purchase history time (YYYYMMDDHHMMSS) |
| appid | String | M | 10 | OA00012345 |
This is the AID |
| product_id | String | M | 10 | 0000044056 |
This is the In-App product ID |
| charge_amount | Number | M | 6 | 300000 |
This is the purchase product price |
| tid | String | O | 100 | 201012226_01047637315_00000239 |
This is the TID issued at the time of purchase request by the developer. |
| detail_pname | String | O | 100 | custom product name |
This value is returned when a detailed product name (product_name) is entered at the time of purchase request.If no value is selected and entered, ‘X’ is set by default. |
| bp_info | String | O | 1024 | utm_source=onestore&utm_medium=iap&utm_campaign=20160325_promotion |
This is the information for the developer’s Application server to confirm |
Status
| Code | Description |
|---|---|
| 0 | Success |
| 9 | ‘No inquiry result’ or ‘Error in parameter and system’ |
Detail
| Code | Description | Note |
|---|---|---|
| 0000 | Success | |
| 1000 | The required parameters are insufficient. | This code is generated when TXID, APPID and signdata parameters are insufficient at the request of inquiry |
| 9100 | No payment information inquiry result | If there is no purchase history using signdata |
| 9113 | Error in verification of e-receipt data validation | |
| 9999 | System error | If a system error is caused by an internal error in the IAP, you need to contact the developer center |
Sample
{
"status" : 0,
"detail" : "0000",
"message" : "successful verification completed",
"count" : 1,
"product" : [{
"log_time" : "20120321154451",
"appid" : "OA12345678",
"product_id" : "0900012345",
"charge_amount" : 1000,
"tid" : "201012226_01047637315_00000239",
"detail_pname" : "custom product name ",
"bp_info" : "X"}]
}
Notice
Since attempts can be made to illegally acquire items in a range of ways in the Android App, the response content passed from the IAP server must be additionally identified in the App server to process the issuance of items. It is strongly recommended for you to follow the instructions below to block multiple illegal attempts in the App server:
- Confirm if the information of a product which requests the issuance of items in the App matches up with the information (appid, product_id, charge_amount, etc.) responded via the e-receipt verification API.
- Check the purchase history time (log_time) and refuse to issue items for the purchases which were made more than a certain amount of time ago(less than 5 minutes are recommended).
- If an item is successfully issued to a certain TID, save the corresponsing history. Any request for the issuance of the item to the same TID should be considered illegal, and such request must be rejected.
- If an App abnormally terminates or a network error occurs in the processing of payment, it is recommended to use a logic in which the purchased item is allowed to be used after identifying the purchase history using the sendCommandRequest method