ONE store IAP Server API
Overview
ONE store IAP Server API indicates Open API to check the data of in-app, which has been billed on ONE store or to change the billing status.
OAuth authentication is necessary to use this API.
Host URL
The URL of {host} used in this document is shown below.
SANDBOX(development)
Commercial
ONE store OAuth
OAuth overview
OAuth authentication is necessary for interworking with ONE store Server Open API.
Understanding ONE store OAuth v2
AccessToken is the value that can get issued through ONE store’s Server Open API, and it is used as the authentication value when the Server Open API provided by ONE store is called.
AccessToken has a default duration of 3,600 seconds. When the valid duration expires or is less than 600 seconds, if you call getAccessToken(), a new AccessToken will be issued.
The existing AccessToken is also available until the valid duration ends.
Numerous AccessTokens get issued in this way, and therefore you can acquire and use AccessTokens differentiated for each service instance of the developer.
The typical interworking flow is as follows
Call the process for obtaining AccessToken (no.1) when the authentication error occurs during API calls.
Use the Authorization Bearer scheme to call ONE store IAP Server API, and the call sample is as shown below.
GET /v6/apps/com.onestore.game.goindol/purchases/inapp/products/product01/SANDBOXT000120004476 HTTP/1.1Host: sbpp.onestore.co.krAuthorization: Bearer 680b3621-1234-1234-1234-8adfaef561b4
‘Bearer + Vavant + AccessToken’ must be entered exactly and case-sensitive in the Authorization header as seen in the example above. The Bearer’s value is the value of AccessToken, which has been issued by calling upon getAccessToken().
Incorrect example
Authorization: 680b3621-1234-1234-1234-8adfaef561b4Authorization: bearer 680b3621-1234-1234-1234-8adfaef561b4Authorization: Bearer <680b3621-1234-1234-1234-8adfaef561b4>Authorization:Bearer680b3621-1234-1234-1234-8adfaef561b4
OAuth API details
Check client_id & client_secret
You can check the client_id and client_secret values by clicking on the ‘Credentials’ button on the ‘In-App’ of the app registered on ONE store Developer Center.
Issue AccessToken
URI : https://{host}/v6/oauth/token
Method: POST, PUT
Request Parameter: Form format
Parameter Name
Description
Example
client_id
Typically, it is the same as packageName
com.onestore.game.goindol
client_secret
It is the client secret value that has been issued when the app is registered on Developer Center.
vxIMAGcVz3DAx20uDBr/IDWNJAPNHFl7YruF4uxB6BI=
grant_type
It is the fixed value
client_credentials
Request Header :
Parameter NameDescriptionExampleContent-Type
At the request of http, Content-Type must be set as ‘application/x-www-form-urlencoded’.
Content-Type: application/x-www-form-urlencoded
Example
POST /v6/oauth/token HTTP/1.1Host: apis.onestore.comContent-Type: application/x-www-form-urlencoded;charset=UTF-8
grant_type=client_credentials&client_id=com.onestore.game.goindol&client_secret=vxIMAGcVz3DAx20uDBr/IDWNJAPNHFl7YruF4uxB6BI=
Response Body : JSON format
Element NameData TypeData SizeDescriptionclient_id
String
255
OAuth authentication client_id
access_token
String
36
AccessToken
token_type
String
6
It provides the bearer method only
expires_in
Integer
10
Token expiration period, unit: second(s)
scope
String
1024
Token use range
Example :
{ "client_id":"com.onestore.game.goindol", "access_token":"680b3621-1234-1234-1234-8adfaef561b4", "token_type":"bearer", "expires_in":3010, "scope":"DEFAULT"}
Example of issuance:
curl -v -X POST -H "Content-Type: application/x-www-form-urlencoded"
https://sbpp.onestore.co.kr/v6/oauth/token -d "grant_type=client_credentials" -d "client_id=com.onestore.game.goindol" -d "client_secret=vxIMAGcVz3DAx20uDBr/IDWNJAPNHFl7YruF4uxB6BI="> POST /v6/oauth/token HTTP/1.1> Host: sbpp.onestore.co.kr> User-Agent: curl/7.43.0> Accept: */*> Content-Type: application/x-www-form-urlencoded;charset=UTF-8> Content-Length: 35>* upload completely sent off: 35
out of 35
bytes< HTTP/1.1
200
200< Date: Wed, 02
May 2018
02:52:42
GMT< Server: Apache< Connection: close< Transfer-Encoding: chunked< Content-Type: application/json;charset=UTF-8<* Closing connection 0{"client_id":"com.onestore.game.goindol","access_token":"680b3621-1234-1234-1234-8adfaef561b4","token_type":"bearer","expires_in":3600,"scope":"DEFAULT"}
AccessToken in the review (development) and commercial environments is managed independently, and therefore you must manage AccessToken separately per environment.
Server API Details
getPurchaseDetails (Check purchased in-app product details)
Desc : It checks the details of purchased ONE store Managed Product. You must search the details by using ONE store purchaseToken (purchase token), which has been received at the completion of the purchase. If you search the details with purchaseToken of Monthly auto-renewal product, then the check failure (NoSuchData) response will be transmitted.
URI : https://{host}/v6/apps/{packageName}/purchases/inapp/products/{productId}/{purchaseToken}
Method : GET
Request Parameter : Path Variable format
String packageName : Package name of the app that calls API (Data Size : 128)
String productId : In-app ID (data size : 150)
String purchaseToken : Purchase token (data size : 20)
Request Header:
Parameter NameData TypeRequiredDescriptionAuthorization
String
true
access_token that has been issued through Access Token API
Content-Type
String
true
application/json
Example
Request.setHeader("Authorization", "Bearer 680b3621-1234-1234-1234-8adfaef561b4");Request.setHeader("Content-Type", "application/json");
Request Body : N/A
Response Body : JSON format
Element NameData TypeData SizeDescriptionconsumptionState
Integer
1
The ‘consume’ status of purchased in-app (0: not consumed, 1: consumed)
developerPayload
String
200
Unique billing identifier provided by the developer
purchaseState
Integer
1
Purchase status (0: purchase completed, 1: cancellation completed)
purchaseTime
Long
13
Purchase time (ms)
purchaseId
String
20
Purchase ID
acknowledgeState
Integer
1
Purchase acknowledgement status (0: not acknowledged, 1: acknowledged)
Example:
HTTP/1.1
200
OKContent-type: application/json;charset=UTF-8{ "consumptionState": 0, "developerPayload": "developerPayload", "purchaseState": 0, "purchaseTime": 1345678900000, "purchaseId": "17070421461015116878", "acknowledgeState": 0}
getRecurringPurchaseDetails (Check purchased Monthly auto-renewal product details)
Desc : It checks the automatic payment status of purchased ONE store Monthly auto-renewal product and the details of the last purchase status. You must check them by using ONE store purchaseToken (purchase token), which has been received at the completion of the purchase. If you check the details with purchaseToken of Managed Product, then the check failure (NoSuchData) response will be transmitted.
URI : https://{host}/v6/apps/{packageName}/purchases/inapp/products/{productId}/{purchaseToken}
Method : GET
Request Parameter : Path Variable format
String packageName : Package name of the app that calls API (Data Size : 128)
String productId : In-app ID (data size : 150)
String purchaseToken : Purchase token (data size : 20)
Request Header:
Parameter NameData TypeRequiredDescriptionAuthorization
String
true
access_token that has been issued through Access Token API
Content-Type
String
true
application/json
Example
Request.setHeader("Authorization", "Bearer 680b3621-1234-1234-1234-8adfaef561b4");Request.setHeader("Content-Type", "application/json");
Request Body : N/A
Response Body : JSON format
Element NameData TypeData SizeDescriptionstartTime
Long
13
The use start time of purchased in-app (ms)
expiryTime
Long
13
The use end time of purchased in-app (ms)
nextPaymentTime
Long
13
The next automatic payment time
autoRenewing
boolean
-
Whether the automatic payment is made or not after the use end time has exceeded.
cancelReason
Integer
1
Reasons for cancellation (0: cancellation by the customer request, 1: cancellation by other system processing)
cancelledTime
Long
13
Cancellation time (ms)
acknowledgeState
Integer
1
The purchase acknowledgement status of Monthly auto-renewal product (0: not acknowledged, 1: acknowledged)
lastPurchaseId
String
20
The Purchase ID of the last automatic payment
lastPurchaseState
Integer
1
The purchase status of the last automatic payment (0: purchase completed, 1: cancellation completed)
Example:
HTTP/1.1
200
OKContent-type: application/json;charset=UTF-8{ "consumptionState": 0, "developerPayload": "developerPayload", "purchaseState": 0, "purchaseTime": 1345678900000, "purchaseId": "17070421461015116878", "acknowledgeState": 0}
With the following conditions, you can determine whether the customer has the right to use the content of Monthly auto-renewal product.
If the current time is smaller than or equal to expiryTime(the use end time of purchased in-app) and lastPurchaseState(the purchase status of the last automatic payment) is 0 (the purchase completed) Ex) expiryTime >= current time AND lastPurchaseState == 0
acknowledgePurchase (Acknowledge purchased in-app product)
Desc : It changes the status of purchased Managed product or Monthly auto-renewal product into the ‘acknowledged’ status.
URI : https://{host}/v6/apps/{packageName}/purchases/all/products/{productId}/{purchaseToken}/acknowledge
Method : POST
Request Parameter : Path Variable format
String packageName : Package name of the app that calls API (data size : 128)
String productId : In-app ID (data size : 150)
String purchaseToken : Purchase token (data size : 20)
Request Header :
Parameter NameData TypeRequiredDescriptionAuthorization
String
true
access_token that has been issued through Access Token API
Content-Type
String
true
application/json
Example
Request.setHeader("Authorization", "Bearer 680b3621-1234-1234-1234-8adfaef561b4");Request.setHeader("Content-Type", "application/json");
Request Body : JSON format
Element NameData TypeRequiredDescriptiondeveloperPayload
String
false
Example :
{ "developerPayload": "your payload"}
Response Body : JSON 형식
It returns the response in the following format to allow for a more intuitive determination of the process completion when API processing is successful. However, when the API processing fails, it returns the standard error response.
Element NameData TypeData SizeDescriptioncode
String
-
Response code
message
String
-
Response message
result
Object
-
Example :
HTTP/1.1
200
OKContent-type: application/json;charset=UTF-8{ "result"
: { "code"
: "Success", "message"
: "Request has been completed successfully." }}
ONE store shall automatically cancel the purchase, which has not been called by acknowledgePurchase API within 3 days.
Accordingly, the developer MUST call this API and then he/she can process through SDK API or server API.
However, the purchase called by consumePurchase API will be considered ‘acknowledged’ and it will not be cancelled.
consumePurchase (Consume purchased in-app product)
Desc : It changes the status of purchased Managed product into the ‘consumed’ status.
URI : https://{host}/v6/apps/{packageName}/purchases/inapp/products/{productId}/{purchaseToken}/consume
Method : POST
Request Parameter : Path Variable format
String packageName : Package name of the app that calls API (data size : 128)
String productId : In-app ID (data size : 150)
String purchaseToken : Purchase token (data size : 20)
Request Header :
Parameter NameData TypeRequiredDescriptionAuthorization
String
true
access_token that has been issued through Access Token API
Content-Type
String
true
application/json
Example
Request.setHeader("Authorization", "Bearer 680b3621-1234-1234-1234-8adfaef561b4");Request.setHeader("Content-Type", "application/json");
Request Body : JSON format
Element NameData TypeRequiredDescriptiondeveloperPayload
String
false
Response Body : JSON format
It returns the response in the following format to allow for a more intuitive determination of the process completion when API processing is successful. However, when the API processing fails, it returns the standard error response.
Element NameData TypeData SizeDescriptioncode
String
-
Response code
message
String
-
Response message
result
Object
-
Example :
HTTP/1.1
200
OKContent-type: application/json;charset=UTF-8{ "result"
: { "code"
: "Success", "message"
: "Request has been completed successfully." }}
cancelRecurringPurchase (Request to cancel automatic payment))
Desc :It requests the cancellation of automatic payment of Monthly auto-renewal product.
URI : https://{host}/v6/apps/{packageName}/purchases/auto/products/{productId}/{purchaseToken}/cancel
Method : POST
Request Parameter : Path Variable format
String packageName : Package name of the app that calls API (data size : 128)
String productId : In-app ID (data size : 150)
String purchaseToken : Purchase token (data size : 20)
Request Header :
Parameter NameData TypeRequiredDescriptionAuthorization
String
true
access_token that has been issued through Access Token API
Content-Type
String
true
application/json
Example
Request.setHeader("Authorization", "Bearer 680b3621-1234-1234-1234-8adfaef561b4");Request.setHeader("Content-Type", "application/json");
Request Body : N/A
Response Body : JSON format
It returns the response in the following format to allow for a more intuitive determination of the process completion when API processing is successful. However, when the API processing fails, it returns the standard error response.
Element NameData TypeData SizeDescriptioncode
String
-
Response code
message
String
-
Response message
result
Object
-
Example :
HTTP/1.1
200
OKContent-type: application/json;charset=UTF-8{ "result"
: { "code"
: "Success", "message"
: "Request has been completed successfully." }}
reactiveRecurringPurchase (Request to cancel the automatic payment cancellation)
Desc : It cancels the request for the cancellation of automatic payment of Monthly auto-renewal product.
URI : https://{host}/v6/apps/{packageName}/purchases/auto/products/{productId}/{purchaseToken}/reactivate
Method : POST
Request Parameter : Path Variable format
String packageName : Package name of the app that calls API (data size : 128)
String productId : In-app ID (data size : 150)
String purchaseToken : Purchase token (data size : 20)
Request Header :
Parameter NameData TypeRequiredDescriptionAuthorization
String
true
access_token that has been issued through Access Token API
Content-Type
String
true
application/json
Example
Request.setHeader("Authorization", "Bearer 680b3621-1234-1234-1234-8adfaef561b4");Request.setHeader("Content-Type", "application/json");
Request Body : N/A
Response Body : JSON format
It returns the response in the following format to allow for a more intuitive determination of the process completion when API processing is successful. However, when the API processing fails, it returns the standard error response.
Element NameData TypeData SizeDescriptioncode
String
-
Response code
message
String
-
Response message
result
Object
-
Example :
HTTP/1.1
200
OKContent-type: application/json;charset=UTF-8{ "result"
: { "code"
: "Success", "message"
: "Request has been completed successfully." }}
getVoidedPurchases (Check purchase cancellation details)
Desc :It checks the purchase cancellation details.
URI : https://{host}/v6/apps/{packageName}/voided-purchases
Method : GET
Request Parameter : Path Variable format
String packageName : Package name of the app that calls API (data size : 128)
Request Parameter (Optional) : Query String format
String continuationKey : ONE store server returns this value if there are numerous purchase cancellations.
If there is continuationKey in the response, you can receive additional purchase cancellation histories if you call up getVoidedPurchases again and send continuationKey (data size: 41).
String startTime : The search start time of purchase cancellation date(milliseconds)
The start time can be set until only one month prior to the current time, and if startTime is used alone, endTime will be set until one month after startTime (data size: 13).
String endTime : The search end time of purchase cancellation date (milliseconds).
The end time cannot be bigger than the current time, and if endTime is used alone, startTime will be set until one month prior to endTime.
unsigned integer maxResults : The default maximum number of searches is 100 (data size: 3)
Request Header :
Parameter NameData TypeRequiredDescriptionAuthorization
String
true
access_token that has been issued through Access Token API
Content-Type
String
true
application/json
Example
Request.setHeader("Authorization", "Bearer 680b3621-1234-1234-1234-8adfaef561b4");Request.setHeader("Content-Type", "application/json");
Request Body : 없음
Response Body :
Element NameData TypeData SizeDescriptioncontinuationKey
String
41
It returns when the number of purchase cancellations is higher than the maximum number of searches. After that, if you set and call continuationKey, which has been received upon request, you can search the history.
voidedPurchaseList
-
purchaseId
String
20
Purchase ID
purchaseTime
Long
13
Purchase time (ms)
voidedTime
Long
13
Purchase cancellation time (ms)
purchaseToken
String
20
Purchase token
marketCode
String
-
Market identification code
Example :
HTTP/1.1
200
OKContent-type: application/json;charset=UTF-8{ "continuationKey": "continuationKey", "voidedPurchaseList ": [ { "purchaseId": "19062709124410111299", "purchaseTime": 1345678900000, "voidedTime": 1345688900000, "purchaseToken": "19062709124410111299", "marketCode": "MKT_ONE" }, { "purchaseId": "19062709124410111300", "purchaseTime": 1345679900000, "voidedTime": 1345878900000, "purchaseToken": "19062709124410111299", "marketCode": "MKT_ONE" } ]}
Standard Response Specifications
Standard response code
AccessBlocked
The request was blocked.
요청이 차단되었습니다.
403 - Fobidden
Common
AccessTokenExpired
Access token has expired.
Access 토큰이 만료되었습니다.
401 - Unauthorized
Common
DeveloperPayloadNotMatch
The request developerPayload does not match the value passed in the purchase request.
구매요청 시 전달된 developerPayload값과 일치하지 않습니다.
400 - Bad Request
acknowledgePurchase consumePurchase
InternalError
An undefined error has occurred.
정의되지 않은 오류가 발생하였습니다.
500 - Internal Server Error
Common
InvalidAccessToken
Access token is invalid.
Access 토큰이 유효하지 않습니다.
401 - Unauthorized
Common
InvalidAuthorizationHeader
Authorization header is invalid.
Authorization 헤더의 값이 유효하지 않습니다.
400 - Bad Request
Common
InvalidConsumeState
The purchase consumption status cannot be changed or has already been changed.
소비상태 변경이 불가하거나, 이미 변경완료 되었습니다.
409 - Conflict
consumePurchase
InvalidContentType
The request content-type is invalid.
잘못된 Content Type 입니다.
415 - Unsupported Media Type
Common
InvalidPurchaseState
Purchase history does not exist or is not completed.
구매내역이 존재하지 않거나, 구매완료 상태가 아닙니다.
409 - Conflict
acknowledgePurchase consumePurchase
InvalidRequest
Request parameters are invalid. [ field1, field2, ... ]
입력값이 유효하지 않습니다. [ field1, field2, ... ]
400 - Bad Request
Common
MethodNotAllowed
HTTP method not supported.
지원하지 않는 HTTP Method 입니다.
405 - Method Not Allowed
Common
NoSuchData
The requested data could not be found.
조회된 결과값이 존재하지 않습니다.
404 - Not Found
getPurchaseDetails getRecurringPurchaseDetails
RequiredValueNotExist
Request parameters are required. [ field1, field2, ... ]
필수값이 존재하지 않습니다. [ field1, field2, ... ]
400 - Bad Request
Common
ResourceNotFound
The requested resource could not be found.
요청한 자원이 존재하지 않습니다.
404 - Not Found
Common
ServiceMaintenance
System maintenance is in progress.
서비스 점검중입니다.
503 - Service Temporarily Unavailable
Common
Success
The request has been completed successfully.
정상처리 되었습니다.
200 - Success
acknowledgePurchase consumePurchase cancelRecurringPurchase reactivateRecurringPurchase
UnauthorizedAccess
Not authorized to this API.
해당 API에 접근권한이 없습니다.
403 - Fobidden
Common
Standard error response specifications
Server API returns the standard error response in the same format as the example below when the error occurs other than the normal response. Refer to the following content.
Response Body : JSON format
Element NameData TypeData SizeDescriptioncode
String
-
Response code
message
String
-
Response message
result
Object
-
Example
HTTP/1.1
400
Bad RequestContent-type: application/json;charset=UTF-8{ "error"
: { "code"
: "NoSuchData", "message"
: "The requested data could not be found." }}
Common Code
In-app type code
inapp
Managed Product
Consumable/non-consumable/non-renewable in-app
auto
Monthly auto-renewal product
Monthly auto-renewal in-app
all
All in-apps
Managed product + Monthly auto-renewal product
Market identification code
MKT_ONE
ONE store
ONE store market identification code
MKT_STM
Storm+
Storms+ market identification code
Last updated