Question Detail

How to verify google play in-app purchase Subscription on Server Side php?

5 years ago Views 35896 Visit Post Reply

I have implemented In-App Purchase in Android application after subscribing from App (in-App purchase) monthly transaction will be done and the user got a Credit against the payment. Now I want to validate on In-app Purchase receipt on my Server to provide them credit successfully. 

I have found documentation if I am not wrong through android Purchases.subscriptions: get Document  

this is the process there defined is below please provide me right suggestion how to Validate In-app Purchase Subscription receipt 


HTTP request




Parameter name Value Description
Path parameters
packageName string The package name of the application for which this subscription was purchased (for example, 'com.some.thing').
subscriptionId string The purchased subscription ID (for example, 'monthly001').
token string The token provided to the user's device when the subscription was purchased.


This request requires authorization with the following scope (read more about authentication and authorization).


Request body

Do not supply a request body with this method.



I have followed steps still gives me the error :


    "error": {
        "errors": [
                "domain": "global",
                "reason": "required",
                "message": "Login Required",
                "locationType": "header",
                "location": "Authorization"
        "code": 401,
        "message": "Login Required"

Thread Reply

Nick Johnson

- 5 years ago

Before you can use the API, you will need to set up an APIs Console project, create a client ID and its Secret Key.

To Access APIs you should have below mantioned Variable Values:

  1. Client ID - (ClientID will be in your Google Developer Console- Credentials Go this URL and click on Create Credentials Button-> OAuth Client ID-> Web Application then set Your domain and Redirect URL Click Create button )
  2. Client Secret - (ClientID will be in your Google Developer Console- Credentials by following above steps)
  3. Redirect Uri - (When you Create Client ID there were you enter a redirect URL Copy that one)
  4. Refresh Token - (To Create Refresh Token follow steps)
  5. App Id - (This is Your Android App Package Name)
  6. Product ID - (This is your Subscription ID which is you entered in In-App Purchase)
  7. Purchase Token - (Purchase token will receive to you when you Purchase or Subscribe you will get Purchase Token)


Copy below index.php 


$ch = curl_init();

$clientId = '';


$TOKEN_URL = "";

$input_fields = 'refresh_token='.$refreshToken.

//Request to google oauth for authentication
curl_setopt($ch, CURLOPT_URL, $TOKEN_URL);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $input_fields);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$result = curl_exec($ch);
$result = json_decode($result, true);
if (!$result || !$result["access_token"]) {
//request to play store with the access token from the authentication request
$ch = curl_init();
curl_setopt($ch,CURLOPT_RETURNTRANSFER, true);
$result1 = curl_exec($ch);
$result1 = json_decode($result1, true);
if (!$result1 || $result1["error"] != null) {



If you already created refresh token it will be not visible to you AGAIN. you have to create new one for new Refresh Token.

To Create Refresh token you need Access token first for that you have to hit below Url with your CLIENT_ID and REDIRECT_URL


Copy code variable from Url ACCESS_TOKEN (code)

Now you have your access_token (code)


Hit token URL with Post method

and pass varibles in body

"grant_type":"authorization_code"   //Keep it same
"code":"4/AAAHZKZbq_ACCESS_TOKEN_PASTE_HERE_D1x_1B3rJ0#"   //change it with your Details 
"client_id":"YOUR CLIENTID HERE"    //change it with your Details 
"client_secret":"YOUR SECRET KEY HERE"   //change it with your Details 
"redirect_uri":"YOUR REDIRECT URL"   //change it with your Details 


you should get response {
    "access_token": "ya29.G**************COy-QF1w7-Ei****jDw_c1_g****jrQ8s4******3GACNXf1le",
    "expires_in": 3600,
    "refresh_token": "1/HJA____THIS IS REFRESH TOKEN______ GJh8U",
    "token_type": "Bearer"