• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1page.title=In-app Billing Version 2
2@jd:body
3
4<div style="background-color:#fffdeb;width:100%;margin-bottom:1em;padding:.5em;">In-app Billing Version 2 is superseded. Please <a href="{@docRoot}google/play/billing/billing_overview.html#migration">migrate to Version 3</a> at your earliest convenience.</div>
5    <div id="qv-wrapper" style="margin-top:0;">
6<div id="qv">
7
8  <h2>In this document</h2>
9  <ol>
10    <li><a href="#billing-types">Product and Purchase Types</a></li>
11    <li><a href="#billing-arch">Service Architecture</a></li>
12    <li><a href="#billing-msgs">Service Messages</a></li>
13    <ol>
14      <li><a href="#billing-request">Request messages</a></li>
15      <li><a href="#billing-response">Broadcast intents</a></li>
16      <li><a href="#billing-message-sequence">Messaging sequence</a></li>
17      <li><a href="#billing-action-notify">Handling IN_APP_NOTIFY messages</a></li>
18    </ol>
19    <li><a href="#billing-security">Security Controls</a></li>
20    <li><a href="#billing-limitations">Requirements and Limitations</a></li>
21  </ol>
22</div>
23</div>
24
25<p>In-app Billing version 2 is the legacy version of the Google Play In-app
26Billing. Like Version 3, it lets you interact with the Google Play purchase flow
27and payments system indirectly, by means of IPC communication with the Play
28Store app installed on the device. </p>
29
30<p>Unlike Version 3, the Version 2 API is
31asynchronous and uses service messages sent as broadcast intents, so
32it is more complicated than Version 3. </p>
33
34<p>Version 2 supports both unmanaged and managed products, as well as supports
35subscriptions, where Version 3 does not yet offer support for subscriptions. If
36you want to sell subscriptions in your app, you should implement In-app Billing
37Version 2, rather than Version 3. </p>
38
39<p>If you do not need to sell subscriptions, you
40should implement In-app Billing Version 3 instead.</p>
41
42<div class="sidebox-wrapper">
43<div class="sidebox">
44  <h2>New in In-app Billing V2</h2>
45  <p><strong>Free trials</strong>—You can now offer users a configurable free trial period for
46  your in-app subscriptions. You can set up trials with a simple change in the Developer
47  Console—no change to your app code is needed.</p>
48</div>
49</div>
50
51<h2 id="billing-types">Product Types</h2>
52
53<p>In-app Billing Version supports three different product types
54to give you flexibility in how you monetize your app. In all cases, you define
55your products using the Google Play Developer Console, including product type,
56SKU, price, description, and so on. For more information, see <a
57href="{@docRoot}google/play/billing/billing_admin.html">Administering In-app Billing</a>.</p>
58
59<ul>
60<li><em>Managed per user account</em> &mdash; Items that can be purchased only
61once per user account on Google Play. When a user purchases an item that uses
62the "managed per user account" product type, Google Play permanently stores the
63transaction information for each item on a per-user basis. This enables you to
64later query Google Play to restore the state of the items a specific user has
65purchased. If a user attempts to purchase a managed item that has already been
66purchased, Google Play prevents the user from purchasing the item again and
67displays an "Item already purchased" error.
68
69<p>The "managed" product type is useful if you are selling
70items such as game levels or application features. These items are not transient
71and usually need to be restored whenever a user reinstalls your application,
72wipes the data on their device, or installs your application on a new
73device.</p>
74
75<li><em>Unmanaged</em> &mdash; Items that do not have their transaction
76information stored on Google Play. This means that you cannot later query Google
77Play to retrieve transaction information for those items. For "unmanaged"
78purchases, you are responsible for managing the transaction information. Also,
79Google Play does not attempt to prevent the user from purchasing an item
80multiple times if it uses the "unmanaged" product type. It's up to you to
81control how many times an unmanaged item can be purchased.</p>
82
83<p>The "unmanaged" product type is useful if you are selling consumable items,
84such as fuel or magic spells. These items are consumed within your application
85and are usually purchased multiple times.</p></li>
86
87<li><em>Subscriptions</em> &mdash; Items that are sold with a
88developer-specified, recurring billing interval. When a user purchases a
89subscription, Google Play and its payment processor automatically bill the
90user's account at the specified interval and price, charging the amount to the
91original payment method. Once the user purchases a subscription, Google Play
92continues billing the account indefinitely, without requiring approval or action
93from the user. The user can cancel the subscription at any time.
94
95<p>Subscriptions can only be sold using the "managed per user account" purchase
96type. As with in-app products, once the user has purchased an in-app product
97there is no refund window. Users desiring refunds must contact the developer
98directly. For more information about subscriptions and how to sell them in your
99apps, see the <a href="{@docRoot}google/play/billing/v2/billing_subscriptions.html">Subscriptions</a>
100document.</p></li>
101</ul>
102
103<h2 id="billing-arch">Service Architecture</h2>
104
105<p>Your app accesses the In-app Billing service using an API that is exposed by
106the Google Play app installed on the device. The Google Play app then uses an
107asynchronous message loop to convey billing requests and responses between your
108application and the Google Play server. In practice, your application never
109directly communicates with the Google Play server (see figure 1). Instead, your
110application sends billing requests to the Google Play application over
111interprocess communication (IPC) and receives purchase responses from the Google
112Play application in the form of asynchronous broadcast intents. Your application
113does not manage any network connections between itself and the Google Play
114server or use any special APIs from the Android platform.</p>
115
116<div class="figure" style="width:440px">
117<img src="/images/billing_arch.png" alt="" height="582" />
118<p class="img-caption">
119  <strong>Figure 1.</strong> Your application sends and receives billing messages through the
120  Google Play application, which handles all communication with the Google Play server.</p>
121</div>
122
123<p>Some in-app billing implementations may also use a private remote server to deliver content or
124validate transactions, but a remote server is not required to implement in-app billing. A remote
125server can be useful if you are selling digital content that needs to be delivered to a user's
126device, such as media files or photos. You might also use a remote server to store users'
127transaction history or perform various in-app billing security tasks, such as signature
128verification. Although you can handle all security-related tasks in your application, performing
129those tasks on a remote server is recommended because it helps make your application less vulnerable
130to security attacks.</p>
131
132<p>A typical in-app billing implementation relies on three components:</p>
133<ul>
134  <li>A {@link android.app.Service Service} (named <code>BillingService</code> in the sample application),
135  which processes purchase messages from the application and sends billing requests to the Google
136  Play in-app billing service.</li>
137  <li>A {@link android.content.BroadcastReceiver BroadcastReceiver} (named <code>BillingReceiver</code> in the sample
138  application), which receives all asynchronous billing responses from the Google Play
139  application.</li>
140  <li>A security component (named <code>Security</code> in the sample application), which performs
141  security-related tasks, such as signature verification and nonce generation. For more information
142  about in-app billing security, see <a href="#billing-security">Security controls</a> later in this
143  document.</li>
144</ul>
145
146<p>You may also want to incorporate two other components to support in-app billing:</p>
147<ul>
148  <li>A response {@link android.os.Handler Handler} (named <code>ResponseHandler</code> in the sample
149  application), which provides application-specific processing of purchase notifications, errors,
150  and other status messages.</li>
151  <li>An observer (named <code>PurchaseObserver</code> in the sample application), which is
152  responsible for sending callbacks to your application so you can update your user interface with
153  purchase information and status.</li>
154</ul>
155
156<p>In addition to these components, your application must provide a way to store information about
157users' purchases and some sort of user interface that lets users select items to purchase. You do
158not need to provide a checkout user interface. When a user initiates an in-app purchase, the Google
159Play application presents the checkout user interface to your user. When the user completes the
160checkout process, your application resumes.</p>
161
162<h2 id="billing-msgs">In-app Billing Messages</h2>
163
164<p>When the user initiates a purchase, your application sends billing messages to Google Play's
165in-app billing service (named <code>MarketBillingService</code>) using simple IPC method calls. The
166Google Play application responds to all billing requests synchronously, providing your
167application with status notifications and other information. The Google Play application also
168responds to some billing requests asynchronously, providing your application with error messages and
169detailed transaction information. The following section describes the basic request-response
170messaging that takes place between your application and the Google Play application.</p>
171
172<h3 id="billing-request">In-app billing requests</h3>
173
174<p>Your application sends in-app billing requests by invoking a single IPC method
175(<code>sendBillingRequest()</code>), which is exposed by the <code>MarketBillingService</code>
176interface. This interface is defined in an <a
177href="{@docRoot}guide/components/aidl.html">Android Interface Definition Language</a> file
178(<code>IMarketBillingService.aidl</code>). You can <a
179href="{@docRoot}google/play/billing/v2/billing_integrate.html#billing-download">download</a> this AIDL
180file with the in-app billing sample application.</p>
181
182<p>The <code>sendBillingRequest()</code> method has a single {@link android.os.Bundle Bundle} parameter.
183The Bundle that you deliver must include several key-value pairs that specify various parameters for
184the request, such as the type of billing request you are making, the item that is being purchased and
185its type, and the application that is making the request. For more information about the Bundle keys
186that are sent with a request, see <a
187href="{@docRoot}google/play/billing/v2/billing_reference.html#billing-interface">In-app Billing
188Service Interface</a>.
189
190<p>One of the most important keys that every request Bundle must have is the
191<code>BILLING_REQUEST</code> key. This key lets you specify the type of billing request you are
192making. Google Play's in-app billing service supports the following five types of billing
193requests:</p>
194
195<ul>
196  <li><code>CHECK_BILLING_SUPPORTED</code>
197    <p>This request verifies that the Google Play application supports in-app billing. You
198    usually send this request when your application first starts up. This request is useful if you
199    want to enable or disable certain UI features that are relevant only to in-app billing.</p>
200  </li>
201  <li><code>REQUEST_PURCHASE</code>
202    <p>This request sends a purchase message to the Google Play application and is the foundation
203    of in-app billing. You send this request when a user indicates that he or she wants to purchase
204    an item in your application. Google Play then handles the financial transaction by displaying
205    the checkout user interface.</p>
206  </li>
207  <li><code>GET_PURCHASE_INFORMATION</code>
208    <p>This request retrieves the details of a purchase state change. A purchase changes state when
209    a requested purchase is billed successfully or when a user cancels a transaction during
210    checkout. It can also occur when a previous purchase is refunded. Google Play notifies your
211    application when a purchase changes state, so you only need to send this request when there is
212    transaction information to retrieve.</p>
213  </li>
214  <li><code>CONFIRM_NOTIFICATIONS</code>
215    <p>This request acknowledges that your application received the details of a purchase state
216    change. Google Play sends purchase state change notifications to your application until you
217    confirm that you received them.</p>
218  </li>
219  <li><code>RESTORE_TRANSACTIONS</code>
220    <p>This request retrieves a user's transaction status for <a
221    href="{@docRoot}google/play/billing/billing_admin.html#billing-purchase-type">managed
222    purchases</a> and <a
223    href="{@docRoot}google/play/billing/billing_admin.html#billing-purchase-type">subscriptions</a>.
224    You should send this request only when you need to retrieve a user's transaction
225    status, which is usually only when your application is reinstalled or installed for the first
226    time on a device.</p>
227  </li>
228</ul>
229
230<h3 id="billing-response">In-app Billing Responses</h3>
231
232<p>The Google Play application responds to in-app billing requests with both synchronous and
233asynchronous responses. The synchronous response is a {@link android.os.Bundle Bundle} with the following
234three keys:</p>
235
236<ul>
237  <li><code>RESPONSE_CODE</code>
238    <p>This key provides status information and error information about a request.</p>
239  </li>
240  <li><code>PURCHASE_INTENT</code>
241    <p>This key provides a {@link android.app.PendingIntent PendingIntent}, which you use to launch the checkout
242    activity.</p>
243  </li>
244  <li><code>REQUEST_ID</code>
245    <p>This key provides you with a request identifier, which you can use to match asynchronous
246    responses with requests.</p>
247  </li>
248</ul>
249<p>Some of these keys are not relevant to every request. For more information, see <a
250href="#billing-message-sequence">Messaging sequence</a> later in this document.</p>
251
252<p>The asynchronous response messages are sent in the form of individual broadcast intents and
253include the following:</p>
254
255<ul>
256    <li><code>com.android.vending.billing.RESPONSE_CODE</code>
257    <p>This response contains a Google Play server response code, and is sent after you make an
258    in-app billing request. A server response code can indicate that a billing request was
259    successfully sent to Google Play or it can indicate that some error occurred during a billing
260    request. This response is <em>not</em> used to report any purchase state changes (such as refund
261    or purchase information). For more information about the response codes that are sent with this
262    response, see <a
263    href="{@docRoot}google/play/billing/v2/billing_reference.html#billing-codes">Server Response Codes
264    for In-app Billing</a>.</p>
265  </li>
266  <li><code>com.android.vending.billing.IN_APP_NOTIFY</code>
267    <p>This response indicates that a purchase has changed state, which means a purchase succeeded,
268    was canceled, or was refunded. This response contains one or more notification IDs. Each
269    notification ID corresponds to a specific server-side message, and each messages contains
270    information about one or more transactions. After your application receives an
271    <code>IN_APP_NOTIFY</code> broadcast intent, you send a <code>GET_PURCHASE_INFORMATION</code>
272    request with the notification IDs to retrieve message details.</p>
273  </li>
274  <li><code>com.android.vending.billing.PURCHASE_STATE_CHANGED</code>
275    <p>This response contains detailed information about one or more transactions. The transaction
276    information is contained in a JSON string. The JSON string is signed and the signature is sent
277    to your application along with the JSON string (unencrypted). To help ensure the security of
278    your in-app billing messages, your application can verify the signature of this JSON string.</p>
279  </li>
280</ul>
281
282<p>The JSON string that is returned with the <code>PURCHASE_STATE_CHANGED</code> intent provides
283your application with the details of one or more billing transactions. An example of this JSON
284string for a subscription item is shown below:</p>
285<pre class="no-pretty-print" style="color:black">{ "nonce" : 1836535032137741465,
286  "orders" :
287    [{ "notificationId" : "android.test.purchased",
288       "orderId" : "transactionId.android.test.purchased",
289       "packageName" : "com.example.dungeons",
290       "productId" : "android.test.purchased",
291       "developerPayload" : "bGoa+V7g/yqDXvKRqq+JTFn4uQZbPiQJo4pf9RzJ",
292       "purchaseTime" : 1290114783411,
293       "purchaseState" : 0,
294       "purchaseToken" : "rojeslcdyyiapnqcynkjyyjh" }]
295}
296</pre>
297
298<p>For more information about the fields in this JSON string, see <a
299href="{@docRoot}google/play/billing/v2/billing_reference.html#billing-intents">In-app Billing
300Broadcast Intents</a>.</p>
301
302<h3 id="billing-message-sequence">Messaging sequence</h3>
303
304<p>The messaging sequence for a typical purchase request is shown in figure 2. Request types for
305each <code>sendBillingRequest()</code> method are shown in <strong>bold</strong>, broadcast intents
306are shown in <em>italic</em>. For clarity, figure 2 does not show the <code>RESPONSE_CODE</code>
307broadcast intents that are sent for every request.</p>
308
309<p>The basic message sequence for an in-app purchase request is as follows:</p>
310
311<ol>
312  <li>Your application sends a purchase request (<code>REQUEST_PURCHASE</code> type), specifying a
313  product ID and other parameters.</li>
314  <li>The Google Play application sends your application a Bundle with the following keys:
315  <code>RESPONSE_CODE</code>, <code>PURCHASE_INTENT</code>, and <code>REQUEST_ID</code>. The
316  <code>PURCHASE_INTENT</code> key provides a {@link android.app.PendingIntent PendingIntent}, which your
317  application uses to start the checkout UI for the given product ID.</li>
318  <li>Your application launches the pending intent, which launches the checkout UI.
319    <p class="note"><strong>Note:</strong> You must launch the pending intent from an activity
320    context and not an application context.</p>
321  </li>
322  <li>When the checkout flow finishes (that is, the user successfully purchases the item or cancels
323  the purchase), Google Play sends your application a notification message (an
324  <code>IN_APP_NOTIFY</code> broadcast intent). The notification message includes a notification ID,
325  which references the transaction.</li>
326  <li>Your application requests the transaction information by sending a
327  <code>GET_PURCHASE_STATE_CHANGED</code> request, specifying the notification ID for the
328  transaction.</li>
329  <li>The Google Play application sends a Bundle with a <code>RESPONSE_CODE</code> key and a
330  <code>REQUEST_ID</code> key.
331  <li>Google Play sends the transaction information to your application in a
332  <code>PURCHASE_STATE_CHANGED</code> broadcast intent.</li>
333  <li>Your application confirms that you received the transaction information for the given
334  notification ID by sending a confirmation message (<code>CONFIRM_NOTIFICATIONS</code> type),
335  specifying the notification ID for which you received transaction information.</li>
336  <li>The Google Play application sends your application a Bundle with a
337  <code>RESPONSE_CODE</code> key and a <code>REQUEST_ID</code> key.</li>
338</ol>
339
340<img src="/images/billing_request_purchase.png" height="231" id="figure2" />
341<p class="img-caption">
342  <strong>Figure 2.</strong> Message sequence for a purchase request.
343</p>
344
345<p>Keep in mind, you must send a confirmation when you receive transaction information from Google
346Play (step 8 in figure 2). If you don't send a confirmation message, Google Play will
347continue sending <code>IN_APP_NOTIFY</code> messages for the transactions you have not
348confirmed. As a best practice, you should not send a <code>CONFIRM_NOTIFICATIONS</code> request for
349a purchased item until you have delivered the item to the user. This way, if your application
350crashes or something else prevents your application from delivering the product, your application
351will still receive an <code>IN_APP_NOTIFY</code> broadcast intent from Google Play indicating
352that you need to deliver the product. Also, as a best practice, your application must be able to
353handle <code>IN_APP_NOTIFY</code> messages that contain multiple orders.</p>
354
355<p>The messaging sequence for a restore transaction request is shown in figure 3. Request types for
356each <code>sendBillingRequest()</code> method are shown in <strong>bold</strong>, broadcast intents
357are shown in <em>italic</em>. For clarity, figure 3 does not show the <code>RESPONSE_CODE</code>
358broadcast intents that are sent for every request.</p>
359
360<div class="figure" style="width:490px">
361<img src="/images/billing_restore_transactions.png" alt="" height="168" />
362<p class="img-caption">
363  <strong>Figure 3.</strong> Message sequence for a restore transactions request.
364</p>
365</div>
366
367<p>The request triggers three responses. The first is a {@link android.os.Bundle Bundle} with a
368<code>RESPONSE_CODE</code> key and a <code>REQUEST_ID</code> key. Next, the Google Play
369application sends a <code>RESPONSE_CODE</code> broadcast intent, which provides status information
370or error information about the request. As always, the <code>RESPONSE_CODE</code> message references
371a specific request ID, so you can determine which request a <code>RESPONSE_CODE</code> message
372pertains to.</p>
373
374<p>The <code>RESTORE_TRANSACTIONS</code> request type also triggers a
375<code>PURCHASE_STATE_CHANGED</code> broadcast intent, which contains the same type of transaction
376information that is sent during a purchase request. Unlike with a purchase request, however, the transactions
377are given without any associated notification IDs, so you do not need to respond to this
378intent with a <code>CONFIRM_NOTIFICATIONS</code> message. </p>
379
380<p class="note"><strong>Note:</strong> You should use the <code>RESTORE_TRANSACTIONS</code> request
381type only when your application is installed for the first time on a device or when your
382application has been removed from a device and reinstalled.</p>
383
384<p>The messaging sequence for checking whether in-app billing is supported is shown in figure 4. The
385request type for the <code>sendBillingRequest()</code> method is shown in <strong>bold</strong>.</p>
386
387<div class="figure" style="width:454px">
388<img src="/images/billing_check_supported.png" alt="" height="168" />
389<p class="img-caption">
390  <strong>Figure 4.</strong> Message sequence for checking whether in-app billing is supported.
391</p>
392</div>
393
394<p>The synchronous response for a <code>CHECK_BILLING_SUPPORTED</code> request provides a Bundle
395with a server response code.  A <code>RESULT_OK</code> response code indicates that in-app billing
396is supported; a <code>RESULT_BILLING_UNAVAILABLE</code> response code indicates that in-app billing
397is unavailable because the API version you specified is unrecognized or the user is not eligible to
398make in-app purchases (for example, the user resides in a country that does not allow in-app
399billing). A <code>SERVER_ERROR</code> can also be returned, indicating that there was a problem with
400the Google Play server.</p>
401
402<h3 id="billing-action-notify">Handling IN_APP_NOTIFY messages</h3>
403
404<p>Usually, your application receives an <code>IN_APP_NOTIFY</code> broadcast intent from Google
405Play in response to a <code>REQUEST_PURCHASE</code> message (see figure 2). The
406<code>IN_APP_NOTIFY</code> broadcast intent informs your application that the state of a requested
407purchase has changed. To retrieve the details of that purchase, your application sends a
408<code>GET_PURCHASE_INFORMATION</code> request. Google Play responds with a
409<code>PURCHASE_STATE_CHANGED</code> broadcast intent, which contains the details of the purchase
410state change. Your application then sends a <code>CONFIRM_NOTIFICATIONS</code> message, informing
411Google Play that you have received the purchase state change information.</p>
412
413<p>In some special cases, you may receive multiple <code>IN_APP_NOTIFY</code> messages even though
414you have confirmed receipt of the purchase information, or you may receive
415<code>IN_APP_NOTIFY</code> messages for a purchase change even though you never initiated the
416purchase. Your application must handle both of these special cases.</p>
417
418<h4>Handling multiple IN_APP_NOTIFY messages</h4>
419
420<p>When Google Play receives a <code>CONFIRM_NOTIFICATIONS</code> message for a given
421<code>PURCHASE_STATE_CHANGED</code> message, it usually stops sending <code>IN_APP_NOTIFY</code>
422intents for that <code>PURCHASE_STATE_CHANGED</code> message. Sometimes, however, Google
423Play may send repeated <code>IN_APP_NOTIFY</code> intents for a
424<code>PURCHASE_STATE_CHANGED</code> message even though your application has sent a
425<code>CONFIRM_NOTIFICATIONS</code> message. This can occur if a device loses network connectivity
426while you are sending the <code>CONFIRM_NOTIFICATIONS</code> message. In this case, Google Play
427might not receive your <code>CONFIRM_NOTIFICATIONS</code> message and it could send multiple
428<code>IN_APP_NOTIFY</code> messages until it receives acknowledgement that you received the
429transaction message. Therefore, your application must be able to recognize that the subsequent
430<code>IN_APP_NOTIFY</code> messages are for a previously processed transaction. You can do this by
431checking the <code>orderID</code> that's contained in the JSON string because every transaction has
432a unique <code>orderId</code>.</p>
433
434<h4>Handling refunds and other unsolicited IN_APP_NOTIFY messages</h4>
435
436<p>There are two cases where your application may receive <code>IN_APP_NOTIFY</code> broadcast
437intents even though your application has not sent a <code>REQUEST_PURCHASE</code> message. Figure 5
438shows the messaging sequence for both of these cases. Request types for each
439<code>sendBillingRequest()</code> method are shown in <strong>bold</strong>, broadcast intents are
440shown in <em>italic</em>. For clarity, figure 5 does not show the <code>RESPONSE_CODE</code>
441broadcast intents that are sent for every request.</p>
442
443<div class="figure" style="width:481px">
444<img src="/images/billing_refund.png" alt="" height="189" />
445<p class="img-caption">
446  <strong>Figure 5.</strong> Message sequence for refunds and other unsolicited
447IN_APP_NOTIFY messages.</p>
448</div>
449
450<p>In the first case, your application may receive an <code>IN_APP_NOTIFY</code> broadcast intent
451when a user has your application installed on two (or more) devices and the user makes an in-app
452purchase from one of the devices. In this case, Google Play sends an <code>IN_APP_NOTIFY</code>
453message to the second device, informing the application that there is a purchase state change. Your
454application can handle this message the same way it handles the response from an
455application-initiated <code>REQUEST_PURCHASE</code> message, so that ultimately your application
456receives a <code>PURCHASE_STATE_CHANGED</code> broadcast intent message that includes information
457about the item that has been purchased. This applies only to items that have their product type
458set to "managed per user account."</p>
459
460<p>In the second case, your application can receive an <code>IN_APP_NOTIFY</code> broadcast intent
461when Google Play receives a refund notification from Google Wallet. In this case, Google
462Play sends an <code>IN_APP_NOTIFY</code> message to your application. Your application can handle
463this message the same way it handles responses from an application-initiated
464<code>REQUEST_PURCHASE</code> message so that ultimately your application receives a
465<code>PURCHASE_STATE_CHANGED</code> message that includes information about the item that has been
466refunded. The refund information is included in the JSON string that accompanies the
467<code>PURCHASE_STATE_CHANGED</code> broadcast intent. Also, the <code>purchaseState</code> field in
468the JSON string is set to 2.</p>
469
470<p class="caution"><strong>Important:</strong> You cannot use the Google Wallet API to
471issue refunds or cancel in-app billing transactions. You must do this manually through your
472Google Wallet merchant account. However, you can use the Google Wallet API to retrieve order
473information.</p>
474
475<h2 id="billing-security">Security Controls</h2>
476
477<p>To help ensure the integrity of the transaction information that is sent to your application,
478Google Play signs the JSON string that is contained in the <code>PURCHASE_STATE_CHANGED</code>
479broadcast intent. Google Play uses the private key that is associated with the app to create
480this signature. The Developer Console generates an RSA key pair for each app.
481You can find the public key portion of this key pair in the app's publishing details
482in the Developer Console, under <strong>Settings</strong>, in the License Key field.</p>
483
484<p>When Google Play signs a billing response, it includes the signed JSON string (unencrypted)
485and the signature. When your application receives this signed response you can use the public key
486portion of your RSA key pair to verify the signature. By performing signature verification you can
487help detect responses that have been tampered with or that have been spoofed. You can perform this
488signature verification step in your application; however, if your application connects to a secure
489remote server then we recommend that you perform the signature verification on that server.</p>
490
491<p>In-app billing also uses nonces (a random number used once) to help verify the integrity of the
492purchase information that's returned from Google Play. Your application must generate a nonce and
493send it with a <code>GET_PURCHASE_INFORMATION</code> request and a <code>RESTORE_TRANSACTIONS</code>
494request. When Google Play receives the request, it adds the nonce to the JSON string that
495contains the transaction information. The JSON string is then signed and returned to your
496application. When your application receives the JSON string, you need to verify the nonce as well as
497the signature of the JSON string.</p>
498
499<p>For more information about best practices for security and design, see <a
500href="{@docRoot}google/play/billing/billing_best_practices.html">Security and Design</a>.</p>
501
502<h2 id="billing-limitations">In-app Billing Requirements and Limitations</h2>
503
504<p>Before you get started with in-app billing, be sure to review the following requirements and
505limitations.</p>
506
507<ul>
508  <li>In-app billing can be implemented only in applications that you publish through Google
509  Play.</li>
510  <li>You must have a Google Wallet Merchant account to use Google Play In-app Billing.</li>
511  <li>In-app billing requires version 2.3.4 (or higher) of the Android Market application.
512  To support subscriptions, version 3.5 or higher of the Google Play app is required. On devices
513  running Android 3.0, version 5.0.12 (or higher) of the MyApps application is required.</li>
514  <li>An application can use in-app billing only if the device is running Android 1.6 (API level 4)
515  or higher.</li>
516  <li>You can use in-app billing to sell only digital content. You cannot use in-app billing to sell
517  physical goods, personal services, or anything that requires physical delivery.</li>
518  <li>Google Play does not provide any form of content delivery. You are responsible for
519  delivering the digital content that you sell in your applications.</li>
520  <li>You cannot implement in-app billing on a device that never connects to the network. To
521  complete in-app purchase requests, a device must be able to access the Google Play server over
522  the network. </li>
523</ul>
524