I want to protect and verify in-app purchases against counterfeit transactions using PHP with the Google Play Developer API. I have reviewed Google Docs for this. I first created an access_token by completing the steps in this link https://developers.google.com/android-publisher/authorization. Then i tried performing the actions described in this link https://developers.google.com/android-publisher/api-ref/purchases/products/get#auth, but I failed. My code and the result I get is the following.
My codes:
<?php
$curl = curl_init();
$headers = array(
'access_token: my_access_token',
'expires_in: 3600',
'token_type: Bearer'
);
curl_setopt($curl, CURLOPT_HTTPHEADER, $headers);
curl_setopt($curl, CURLOPT_URL, "https://www.googleapis.com/androidpublisher/v2/applications/my.package.name/purchases/products/myProductId/tokens/myPurchaseToken");
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$result=curl_exec($curl);
echo $result;
curl_close($curl);
?>
The result:
{
error: {
errors: [
{
domain: "global",
reason: "required",
message: "Login Required",
locationType: "header",
location: "Authorization"
}
],
code: 401,
message: "Login Required"
}
}
Where am I doing wrong, what should I do? Thank you from now.
You can not give header like that with bearer type tokens. Your code should be like:
<?php
$curl = curl_init();
$authorization = "Authorization: Bearer your_access_token";
curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/json' , $authorization ));
curl_setopt($curl, CURLOPT_URL, "https://www.googleapis.com/androidpublisher/v2/applications/my.package.name/purchases/products/myProductId/tokens/myPurchaseToken");
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$result=curl_exec($curl);
echo $result;
curl_close($curl);
?>