AndAppStore : Purchase Checking

Purchase Checking

If your application has been purchased via AndAppStore we provide a method for you to check that the device the application is running on is the device the user paid for. To do this you'll need the following pieces of information;

The users AndAppStore account email address.
The device ID the application is running on which can be obtained using;
  ((TelephonyManager)ApplicationDownloadService.
    this.
      getSystemService(Context.TELEPHONY_SERVICE)).
        getDeviceId()
Your applications AndAppStore ID (which is visible in its' submission page at AndAppStore)
The API key from your applications details page on AndAppStore (which you set in your applications details page linked to from its' submission page at AndAppStore)

How to check the purchase

You will need to perform an HTTP POST to http://andappstore.com/AndroidApplications/purchaseCheck passing the following parameters;

u=[andappstore_account_email]
d=[device_id]
a=[your_andappstore_application_id]

In response you will receive either an empty response if the application isn't authorized or the SHA1 hash of the device ID and your applications API key concatenated

Test account

For testing please use the following test account details;

Application ID : 543788
Valid purchaser : test@andappstore.com
Device ID : 98765
API Key : PURCHASING-API-KEY

Example

If your application has the AndAppStore ID 543788, the user is test@andappstore.com, and the device ID is 98765, and your applications API key is PURCHASING-API-KEY, you would call the following URL;

http://andappstore.com/ClientSupport/check

And post the following data;

u=test%40andappstore.com&d=98765&a=543788

in return you will get an array of 20 bytes. You should verify this matches what you expect by running the following code;

public boolean isValidPurchase(final byte[] fromServer) {			
  if( fromServer == null || fromServer.length == 0 ) 
    return false;
    
  MessageDigest md = MessageDigest.getInstance("SHA1");
  byte[] digest = md.digest("98765PURCHASING-API-KEY".getBytes("UTF-8"));
  return Arrays.equals(fromServer, digest);
}

which will return true if the purchase is valid, or false if it is not.

Getting the AndAppStore username

The versions 1.5.1 (and later) of the AndAppStore client includes a content provider which allows you to get the username given to the client for their AndAppStore login.

To get the username you can use the following;

String username = null;
ContentResolver cr = getContentResolver();
Cursor curs = cr.query(Uri.parse("content://com.andappstore.client/user"), 
                       null, null, null, null);
try {
  if(curs.moveToNext()) {
    username = curs.getString(0);
  }
} finally {
  curs.close();
}

AndAppStore Apps for every Android device.	[New Releases] [Popular Apps] [All Apps] [Categories] [Pre-Release]
	[About] [Login] [Register] [Help] [Contact
	Search :