cordova-plugin-google-play-verify

A professional, enterprise-grade Cordova plugin for Server-Side Verification of Google Play Subscriptions and In-App Products. This plugin utilizes a Native Java Bridge to communicate directly with the Google Publisher API, ensuring maximum security and reliability for your billing system.

💸 Why choose this plugin? (Free vs Paid)

Unlike third-party services (e.g., RevenueCat, Qonversion) that charge monthly fees or take a cut of your revenue, this plugin is 100% FREE.

• Direct Connection: We connect your app directly to Google's official infrastructure (Google Cloud Platform).
• No Middleman: Your data stays between you and Google. No third-party servers involved.
• Zero Cost: Because we use the official GCP path, you avoid the "convenience tax" charged by other platforms.

Because this is the official method, the setup steps are MANDATORY. You are essentially configuring your own backend security, which gives you full control and saves you money.

📊 Quotas & API Versions

• Generous Quota: Google provides a default quota of 200,000 requests per day (per app). This is more than sufficient for almost any subscription-based app unless you have millions of daily active users checking subscriptions every second.
• Latest Technology: This guide and plugin utilizes the modern com.google.apis:google-api-services-androidpublisher:v3. Please ignore older tutorials referencing v1 or v2 APIs as they are obsolete.

🚀 Key Features

• Native-Level Security: Moves sensitive verification logic from vulnerable JavaScript to the Android Native layer.
• Sandbox Self-Healing: Built-in automatic handling for the common Error 400 (subscriptionInvalidArgument) bug found in the Google Play Sandbox environment for Prepaid plans.
• Production-Ready Data: Java returns pre-processed data (isPremium, expiryTimeMillis) so you can build professional membership UIs without complex date manipulation.
• Fraud Protection: Integrated support for the Voided Purchases API to detect and block users who have fraudulently claimed refunds.
• Detailed Developer Logs: Provides a comprehensive debugLog string from Native to your JS console for rapid troubleshooting.

🛠 Installation

This plugin is designed to verify purchases made with the standard billing plugin.

# 1. Install the Purchase plugin (Required to initiate purchases & get tokens)
cordova plugin add cordova-plugin-purchase

# 2. Install the Verification plugin (Required to verify receipts securely)
cordova plugin add cordova-plugin-google-play-verify

📋 Setup Prerequisites (Important)

To use this plugin, you must configure a Google Cloud Service Account. This is required to authorize your app to speak with Google servers.

👉 CLICK HERE for the Full Setup Guide (Step-by-Step)

Summary of requirements:

1. Google Cloud Console: Enable the Google Play Android Developer API.
2. Service Account: Create a Service Account, generate a JSON Key, and download it.
3. Play Console: Link your GCP project and invite the Service Account email under "Users & Permissions" with "View financial data" permissions.

📖 API Usage

1. Configuration

Store your Service Account JSON securely. It is recommended to load it from an external configuration file (e.g., config.js).

const params = {
    purchaseToken: "token-from-google-play", // Obtained from CdvPurchase
    subscriptionId: "your_product_id",
    packageName: "com.your.package",
    credentials: MY_CONFIG.SERVICE_ACCOUNT // Full JSON object
};

2. Verify Subscriptions (Prepaid & Recurring)

Handles all subscription types with automatic Sandbox fixes.

cordova.plugins.GoogleSubVerify.getSubscriptionStatus(params, (res) => {
    // res.debugLog contains technical details for your dev console
    console.log(res.debugLog);

    if (res.isPremium) {
        const expiry = new Date(res.expiryTimeMillis).toLocaleString();
        console.log("Access Granted! Expiry: " + expiry);
    } else {
        console.log("Access Denied: Expired or Invalid.");
    }
}, (err) => {
    console.error("Verification Error: " + err);
});

3. Verify One-Time Products (IAP)

Use this for consumable items (coins/gems) or permanent unlocks.

cordova.plugins.GoogleSubVerify.getProductStatus(params, (res) => {
    console.log(res.debugLog);
    if (res.isValid) {
        console.log("In-App Product verified successfully!");
    }
}, (err) => {
    console.error(err);
});

4. Acknowledge Purchase (Required)

Mandatory: You must acknowledge purchases within 3 days to prevent automatic refunds by Google Play.

cordova.plugins.GoogleSubVerify.acknowledge(params, (res) => {
    console.log("Transaction acknowledged: " + res.message);
}, (err) => {
    console.error("Acknowledge failed: " + err);
});

5. Fraud Detection (Voided Purchases)

Scan for transactions that were refunded or cancelled after access was granted.

cordova.plugins.GoogleSubVerify.voidedPurchases(params, (res) => {
    console.log("Total voided transactions found: " + res.totalVoided);
    res.voidedList.forEach(item => {
        console.warn("Fraudulent Order ID: " + item.orderId);
    });
}, (err) => {
    console.error(err);
});

⚠️ Error Handling

The plugin translates complex Google API errors into readable instructions:

• 401: Invalid/Expired Service Account credentials.
• 403: Permission denied (Check Play Console settings).
• 404: Product ID or Purchase Token not found.
• 400 (Fixed): Automatically handled for Sandbox Prepaid "Invalid Argument" bugs.

❤️ Support the Project

This plugin is developed and maintained in my free time. If it saved you hours of work, consider supporting the development!

Your support helps me keep the dependencies updated and the cleaner script running smoothly.

📄 License

Licensed under the MIT License.

---

Contributions & Feedback: If you find a bug or have a suggestion, please open an issue or submit a pull request on GitHub. Your support is appreciated!