Skip to main content

REST

Endpoints

The following public API endpoints are available on the api.iapguard.com domain:

MethodBase URLRequest Type
Validate Receipt/v1/receipt/{appid}POST
Get User/v1/user/{appid}/{userid}GET

Validate Receipt

Call this function from a client to validate an in-app purchase receipt for its authenticity. While the response will either be a successful or failed validation, only successful and new purchase validations will increase your transaction count. For error handling, please see the list of Errors available.

caution

Do not validate all receipts of a user on every app launch, as these requests will potentially fail as duplicates. Instead, only validate receipts in-between or after the purchase workflow for new or still pending transactions.

Request

JSON encoded values in request body.

FieldDescription
storeThe originating App Store. GooglePlay, AppleAppStore or PayPal
bidYour application bundle identifier as displayed on the App Store. Not validated on PayPal.
pidThe product identifier that was purchased, as displayed on the App Store. On PayPal for reference only.
typeProduct type. Consumable, Non-Consumable or Subscription. This is required as we do not store or read your App Store IAP data. Note: on Apple, non-renewing subscriptions should use the type Non-Consumable.
userOptional. User ID uniquely identifying the currently authenticated user in your application. See User Storage.
receiptApp Store-generated unique transaction identifier.

Response

Success: HTTP Status 200.
Failed: HTTP Status 400 (see Errors).

FieldDescription
storeThe originating App Store. GooglePlay, AppleAppStore or PayPal
userThe client-provided or server generated user identifier.
transactionApp Store-generated unique transaction identifier. Can be different to the request, if there is an updated transaction available.
data
(object)
Receipt data of the accountable purchase. Please see below for a separate listing.
Data FieldDescription
statusSubscription only.
0: active, 1: cancelled, 2: expired,
3: billing retry period, 4: billing grace period,
5: revoked/refunded, 6: paused (Google Play)
typeProduct type. Consumable, Non-Consumable or Auto-Renewable Subscription.
expiresDateSubscription only. UNIX time in milliseconds when the subscription expires or renews.
autoRenewSubscription only. true or false. false when expired or cancelled.
cancelReasonSubscription only. Not always present, except on status = 1.
0: User canceled, 1: canceled by system, i.e. test cycle ends or on billing errors, 2: replaced (Google Play),
3: canceled by developer (Google Play), 4: declined price increase (Apple),
5: product unavailable at renewal (Apple)
billingRetrySubscription only. true or false. true when billing is attempting to renew an expired subscription.
productIdThe product identifier that was purchased, as displayed on the App Store. On PayPal for reference only.
groupIdSubscription only. Apple only.
Group identifier the subscription belongs to.
sandboxtrue: Sandbox environment,
false: Production environment

Example

//IAPGUARD endpoint URL
$url = 'https://api.iapguard.com/v1/receipt/yourapplicationid';

//Request content
$data = json_encode(array(
"store" => "GooglePlay",
"bid" => "com.flobuk.SimpleIAPSystem",
"pid" => "coins",
"type" => "Consumable",
"user" => "userX",
"receipt" => "ihmndabonhehhfcbiiakbnmp..."));

//Initialize CURL session
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));

//Execute Request
$result = curl_exec($ch);

//Close CURL session
curl_close($ch);

//Print Request result
print_r ($result);

Get User

Call this function from a client to retrieve all of its current and most recent in-app purchases. For subscription products, only the most recent transaction and status is returned. Note that this method not only returns active, but also expired / on hold / cancelled subscriptions, allowing you to reactively give users more information or incentive to resubscribe. Always check the product status before granting it.

caution

Do not try to request the user's inventory too often, e.g. every time the user enters your shop, or every few minutes. This will cause bandwidth overhead and failed requests. Instead, cache your user's inventory in memory for the session duration, at least minimizing calls down to one request per application launch.

If you expect your application to be opened frequently over the course of a day, even try to minimize calls down to one request per day using an internal timer and cache the user's inventory locally. If users do not have a purchase registered locally, usually an inventory request would not return any results either, so in this case it could be skipped too.

Also there is no need to request the user inventory following a receipt validation request. Simply add the successful purchase response to your local user inventory for the current session.

Request

This endpoint does not have any required input parameters.

Response

FieldDescription
purchasesArray of purchase data objects in the user's inventory. For details please see the data object in the validation response.
expiresDateOptional. Only returned for existing users.
UNIX time in milliseconds when the record expires.

Example

//IAPGUARD endpoint URL
$url = 'https://api.iapguard.com/v1/user/yourapplicationid/userX';

//Initialize CURL session
$ch = curl_init($url);

//Execute Request
curl_exec($ch);

//Close CURL session
curl_close($ch);