English
Search
⌃K

ONE store IAP Server API

Overview

ONE store IAP Server API indicates Open API to check the data of in-app, which has been billed on ONE store or to change the billing status.
OAuth authentication is necessary to use this API.

Host URL

The URL of {host} used in this document is shown below.
ONE store environment
Host URL
SANDBOX(development)
Commercial

ONE store OAuth

OAuth overview

OAuth authentication is necessary for interworking with ONE store Server Open API.
  • Understanding ONE store OAuth v2
    • AccessToken is the value that can get issued through ONE store’s Server Open API, and it is used as the authentication value when the Server Open API provided by ONE store is called.
    • AccessToken has a default duration of 3,600 seconds. When the valid duration expires or is less than 600 seconds, if you call getAccessToken(), a new AccessToken will be issued.
    • The existing AccessToken is also available until the valid duration ends.
    • Numerous AccessTokens get issued in this way, and therefore you can acquire and use AccessTokens differentiated for each service instance of the developer.
  • The typical interworking flow is as follows
  • Call the process for obtaining AccessToken (no.1) when the authentication error occurs during API calls.
Use the Authorization Bearer scheme to call ONE store IAP Server API, and the call sample is as shown below.
GET /v6/apps/com.onestore.game.goindol/purchases/inapp/products/product01/SANDBOXT000120004476 HTTP/1.1Host: sbpp.onestore.co.krAuthorization: Bearer 680b3621-1234-1234-1234-8adfaef561b4
‘Bearer + Vavant + AccessToken’ must be entered exactly and case-sensitive in the Authorization header as seen in the example above. The Bearer’s value is the value of AccessToken, which has been issued by calling upon getAccessToken().
Incorrect example
Authorization: 680b3621-1234-1234-1234-8adfaef561b4Authorization: bearer 680b3621-1234-1234-1234-8adfaef561b4Authorization: Bearer <680b3621-1234-1234-1234-8adfaef561b4>Authorization:Bearer680b3621-1234-1234-1234-8adfaef561b4

OAuth API details

Check client_id & client_secret
You can check the client_id and client_secret values by clicking on the ‘Credentials’ button on the ‘In-App’ of the app registered on ONE store Developer Center.
​
​
​
​
Issue AccessToken
  • URI : https://{host}/v6/oauth/token
  • Method: POST, PUT
  • Request Parameter: Form format
    Parameter Name
    Description
    Example
    client_id
    Typically, it is the same as packageName
    com.onestore.game.goindol
    client_secret
    It is the client secret value that has been issued when the app is registered on Developer Center.
    vxIMAGcVz3DAx20uDBr/IDWNJAPNHFl7YruF4uxB6BI=
    grant_type
    It is the fixed value
    client_credentials
  • Request Header :
    Parameter Name
    Description
    Example
    Content-Type
    At the request of http, Content-Type must be set as ‘application/x-www-form-urlencoded’.
    Content-Type: application/x-www-form-urlencoded
  • Example
    POST /v6/oauth/token HTTP/1.1Host: apis.onestore.comContent-Type: application/x-www-form-urlencoded;charset=UTF-8 grant_type=client_credentials&client_id=com.onestore.game.goindol&client_secret=vxIMAGcVz3DAx20uDBr/IDWNJAPNHFl7YruF4uxB6BI=
  • Response Body : JSON format
    Element Name
    Data Type
    Data Size
    Description
    client_id
    String
    255
    OAuth authentication client_id
    access_token
    String
    36
    AccessToken
    token_type
    String
    6
    It provides the bearer method only
    expires_in
    Integer
    10
    Token expiration period, unit: second(s)
    scope
    String
    1024
    Token use range
  • Example :
    { "client_id":"com.onestore.game.goindol", "access_token":"680b3621-1234-1234-1234-8adfaef561b4", "token_type":"bearer", "expires_in":3010, "scope":"DEFAULT"}
  • Example of issuance:
    curl -v -X POST -H "Content-Type: application/x-www-form-urlencoded" https://sbpp.onestore.co.kr/v6/oauth/token -d "grant_type=client_credentials" -d "client_id=com.onestore.game.goindol" -d "client_secret=vxIMAGcVz3DAx20uDBr/IDWNJAPNHFl7YruF4uxB6BI="> POST /v6/oauth/token HTTP/1.1> Host: sbpp.onestore.co.kr> User-Agent: curl/7.43.0> Accept: */*> Content-Type: application/x-www-form-urlencoded;charset=UTF-8> Content-Length: 35>* upload completely sent off: 35 out of 35 bytes< HTTP/1.1 200 200< Date: Wed, 02 May 2018 02:52:42 GMT< Server: Apache< Connection: close< Transfer-Encoding: chunked< Content-Type: application/json;charset=UTF-8<* Closing connection 0{"client_id":"com.onestore.game.goindol","access_token":"680b3621-1234-1234-1234-8adfaef561b4","token_type":"bearer","expires_in":3600,"scope":"DEFAULT"}
    AccessToken in the review (development) and commercial environments is managed independently, and therefore you must manage AccessToken separately per environment.

Server API Details

getPurchaseDetails (Check purchased in-app product details)

  • Desc : It checks the details of purchased ONE store Managed Product. You must search the details by using ONE store purchaseToken (purchase token), which has been received at the completion of the purchase. If you search the details with purchaseToken of Monthly auto-renewal product, then the check failure (NoSuchData) response will be transmitted.
  • URI : https://{host}/v6/apps/{packageName}/purchases/inapp/products/{productId}/{purchaseToken}
  • Method : GET
  • Request Parameter : Path Variable format
    • String packageName : Package name of the app that calls API (Data Size : 128)
    • String productId : In-app ID (data size : 150)
    • String purchaseToken : Purchase token (data size : 20)
  • Request Header:
    Parameter Name
    Data Type
    Required
    Description
    Authorization
    String
    true
    access_token that has been issued through Access Token API
    Content-Type
    String
    true
    application/json
  • Example
    Request.setHeader("Authorization", "Bearer 680b3621-1234-1234-1234-8adfaef561b4");Request.setHeader("Content-Type", "application/json");
  • Request Body : N/A
  • Response Body : JSON format
    Element Name
    Data Type
    Data Size
    Description
    consumptionState
    Integer
    1
    The ‘consume’ status of purchased in-app (0: not consumed, 1: consumed)
    developerPayload
    String
    200
    Unique billing identifier provided by the developer
    purchaseState
    Integer
    1
    Purchase status (0: purchase completed, 1: cancellation completed)
    purchaseTime
    Long
    13
    Purchase time (ms)
    purchaseId
    String
    20
    Purchase ID
    acknowledgeState
    Integer
    1
    Purchase acknowledgement status (0: not acknowledged, 1: acknowledged)
  • Example:
    HTTP/1.1 200 OKContent-type: application/json;charset=UTF-8{ "consumptionState": 0, "developerPayload": "developerPayload", "purchaseState": 0, "purchaseTime": 1345678900000, "purchaseId": "17070421461015116878", "acknowledgeState": 0}

getRecurringPurchaseDetails (Check purchased Monthly auto-renewal product details)

  • Desc : It checks the automatic payment status of purchased ONE store Monthly auto-renewal product and the details of the last purchase status. You must check them by using ONE store purchaseToken (purchase token), which has been received at the completion of the purchase. If you check the details with purchaseToken of Managed Product, then the check failure (NoSuchData) response will be transmitted.
  • URI : https://{host}/v6/apps/{packageName}/purchases/inapp/products/{productId}/{purchaseToken}
  • Method : GET
  • Request Parameter : Path Variable format
    • String packageName : Package name of the app that calls API (Data Size : 128)
    • String productId : In-app ID (data size : 150)
    • String purchaseToken : Purchase token (data size : 20)
  • Request Header:
    Parameter Name
    Data Type
    Required
    Description
    Authorization
    String
    true
    access_token that has been issued through Access Token API
    Content-Type
    String
    true
    application/json
  • Example
    Request.setHeader("Authorization", "Bearer 680b3621-1234-1234-1234-8adfaef561b4");Request.setHeader("Content-Type", "application/json");
  • Request Body : N/A
  • Response Body : JSON format
    Element Name
    Data Type
    Data Size
    Description
    startTime
    Long
    13
    The use start time of purchased in-app (ms)
    expiryTime
    Long
    13
    The use end time of purchased in-app (ms)
    nextPaymentTime
    Long
    13
    The next automatic payment time
    autoRenewing
    boolean
    -
    Whether the automatic payment is made or not after the use end time has exceeded.
    cancelReason
    Integer
    1
    Reasons for cancellation (0: cancellation by the customer request, 1: cancellation by other system processing)
    cancelledTime
    Long
    13
    Cancellation time (ms)
    acknowledgeState
    Integer
    1
    The purchase acknowledgement status of Monthly auto-renewal product (0: not acknowledged, 1: acknowledged)
    lastPurchaseId
    String
    20
    The Purchase ID of the last automatic payment
    lastPurchaseState
    Integer
    1
    The purchase status of the last automatic payment (0: purchase completed, 1: cancellation completed)
  • Example:
    HTTP/1.1 200 OKContent-type: application/json;charset=UTF-8{ "consumptionState": 0, "developerPayload": "developerPayload", "purchaseState": 0, "purchaseTime": 1345678900000, "purchaseId": "17070421461015116878", "acknowledgeState": 0}
    With the following conditions, you can determine whether the customer has the right to use the content of Monthly auto-renewal product.
    • If the current time is smaller than or equal to expiryTime(the use end time of purchased in-app) and lastPurchaseState(the purchase status of the last automatic payment) is 0 (the purchase completed) Ex) expiryTime >= current time AND lastPurchaseState == 0

acknowledgePurchase (Acknowledge purchased in-app product)

  • Desc : It changes the status of purchased Managed product or Monthly auto-renewal product into the ‘acknowledged’ status.
  • URI : https://{host}/v6/apps/{packageName}/purchases/all/products/{productId}/{purchaseToken}/acknowledge
  • Method : POST
  • Request Parameter : Path Variable format
    • String packageName : Package name of the app that calls API (data size : 128)
    • String productId : In-app ID (data size : 150)
    • String purchaseToken : Purchase token (data size : 20)
  • Request Header :
    Parameter Name
    Data Type
    Required
    Description
    Authorization
    String
    true
    access_token that has been issued through Access Token API
    Content-Type
    String
    true
    application/json
  • Example
    Request.setHeader("Authorization", "Bearer 680b3621-1234-1234-1234-8adfaef561b4");Request.setHeader("Content-Type", "application/json");
  • Request Body : JSON format
    Element Name
    Data Type
    Required
    Description
    developerPayload
    String
    false
  • Example :
    { "developerPayload": "your payload"}
  • Response Body : JSON 형식
    It returns the response in the following format to allow for a more intuitive determination of the process completion when API processing is successful. However, when the API processing fails, it returns the standard error response.
    Element Name
    Data Type
    Data Size
    Description
    code
    String
    -
    Response code
    message
    String
    -
    Response message
    result
    Object
    -
  • Example :
    HTTP/1.1 200 OKContent-type: application/json;charset=UTF-8{ "result" : { "code" : "Success", "message" : "Request has been completed successfully." }}
    ONE store shall automatically cancel the purchase, which has not been called by acknowledgePurchase API within 3 days.
    Accordingly, the developer MUST call this API and then he/she can process through SDK API or server API.
    However, the purchase called by consumePurchase API will be considered ‘acknowledged’ and it will not be cancelled.

consumePurchase (Consume purchased in-app product)

  • Desc : It changes the status of purchased Managed product into the ‘consumed’ status.
  • URI : https://{host}/v6/apps/{packageName}/purchases/inapp/products/{productId}/{purchaseToken}/consume
  • Method : POST
  • Request Parameter : Path Variable format
    • String packageName : Package name of the app that calls API (data size : 128)
    • String productId : In-app ID (data size : 150)
    • String purchaseToken : Purchase token (data size : 20)
  • Request Header :
    Parameter Name
    Data Type
    Required
    Description
    Authorization
    String
    true
    access_token that has been issued through Access Token API
    Content-Type
    String
    true
    application/json
  • Example
    Request.setHeader("Authorization", "Bearer 680b3621-1234-1234-1234-8adfaef561b4");Request.setHeader("Content-Type", "application/json");
  • Request Body : JSON format
    Element Name
    Data Type
    Required
    Description
    developerPayload
    String
    false
  • Response Body : JSON format
    It returns the response in the following format to allow for a more intuitive determination of the process completion when API processing is successful. However, when the API processing fails, it returns the standard error response.
    Element Name
    Data Type
    Data Size
    Description
    code
    String
    -
    Response code
    message
    String
    -
    Response message
    result
    Object
    -
  • Example :
    HTTP/1.1 200 OKContent-type: application/json;charset=UTF-8{ "result" : { "code" : "Success", "message" : "Request has been completed successfully." }}

cancelRecurringPurchase (Request to cancel automatic payment))

  • Desc :It requests the cancellation of automatic payment of Monthly auto-renewal product.
  • URI : https://{host}/v6/apps/{packageName}/purchases/auto/products/{productId}/{purchaseToken}/cancel
  • Method : POST
  • Request Parameter : Path Variable format
    • String packageName : Package name of the app that calls API (data size : 128)
    • String productId : In-app ID (data size : 150)
    • String purchaseToken : Purchase token (data size : 20)
  • Request Header :
    Parameter Name
    Data Type
    Required
    Description
    Authorization
    String
    true
    access_token that has been issued through Access Token API
    Content-Type
    String
    true
    application/json
  • Example
    Request.setHeader("Authorization", "Bearer 680b3621-1234-1234-1234-8adfaef561b4");Request.setHeader("Content-Type", "application/json");
  • Request Body : N/A
  • Response Body : JSON format
    It returns the response in the following format to allow for a more intuitive determination of the process completion when API processing is successful. However, when the API processing fails, it returns the standard error response.
    Element Name
    Data Type
    Data Size
    Description
    code
    String
    -
    Response code
    message
    String
    -
    Response message
    result
    Object
    -
  • Example :
    HTTP/1.1 200 OKContent-type: application/json;charset=UTF-8{ "result" : { "code" : "Success", "message" : "Request has been completed successfully." }}

reactiveRecurringPurchase (Request to cancel the automatic payment cancellation)

  • Desc : It cancels the request for the cancellation of automatic payment of Monthly auto-renewal product.
  • URI : https://{host}/v6/apps/{packageName}/purchases/auto/products/{productId}/{purchaseToken}/reactivate
  • Method : POST
  • Request Parameter : Path Variable format
    • String packageName : Package name of the app that calls API (data size : 128)
    • String productId : In-app ID (data size : 150)
    • String purchaseToken : Purchase token (data size : 20)
  • Request Header :
    Parameter Name
    Data Type
    Required
    Description
    Authorization
    String
    true
    access_token that has been issued through Access Token API
    Content-Type
    String
    true
    application/json
  • Example
    Request.setHeader("Authorization", "Bearer 680b3621-1234-1234-1234-8adfaef561b4");Request.setHeader("Content-Type", "application/json");
  • Request Body : N/A
  • Response Body : JSON format
    It returns the response in the following format to allow for a more intuitive determination of the process completion when API processing is successful. However, when the API processing fails, it returns the standard error response.
    Element Name
    Data Type
    Data Size
    Description
    code
    String
    -
    Response code
    message
    String
    -
    Response message
    result
    Object
    -
  • Example :
    HTTP/1.1 200 OKContent-type: application/json;charset=UTF-8{ "result" : { "code" : "Success", "message" : "Request has been completed successfully." }}

getVoidedPurchases (Check purchase cancellation details)

  • Desc :It checks the purchase cancellation details.
  • URI : https://{host}/v6/apps/{packageName}/voided-purchases
  • Method : GET
  • Request Parameter : Path Variable format
    • String packageName : Package name of the app that calls API (data size : 128)
  • Request Parameter (Optional) : Query String format
    • String continuationKey : ONE store server returns this value if there are numerous purchase cancellations.
      If there is continuationKey in the response, you can receive additional purchase cancellation histories if you call up getVoidedPurchases again and send continuationKey (data size: 41).
    • String startTime : The search start time of purchase cancellation date(milliseconds)
      The start time can be set until only one month prior to the current time, and if startTime is used alone, endTime will be set until one month after startTime (data size: 13).
    • String endTime : The search end time of purchase cancellation date (milliseconds).
      The end time cannot be bigger than the current time, and if endTime is used alone, startTime will be set until one month prior to endTime.
    • unsigned integer maxResults : The default maximum number of searches is 100 (data size: 3)
  • Request Header :
    Parameter Name
    Data Type
    Required
    Description
    Authorization
    String
    true
    access_token that has been issued through Access Token API
    Content-Type
    String
    true
    application/json
  • Example
    Request.setHeader("Authorization", "Bearer 680b3621-1234-1234-1234-8adfaef561b4");Request.setHeader("Content-Type", "application/json");
  • Request Body : 없음
  • Response Body :
    Element Name
    Data Type
    Data Size
    Description
    continuationKey
    String
    41
    It returns when the number of purchase cancellations is higher than the maximum number of searches. After that, if you set and call continuationKey, which has been received upon request, you can search the history.
    voidedPurchaseList
    -
    purchaseId
    String
    20
    Purchase ID
    purchaseTime
    Long
    13
    Purchase time (ms)
    voidedTime
    Long
    13
    Purchase cancellation time (ms)
    purchaseToken
    String
    20
    Purchase token
    marketCode
    String
    -
    Market identification code
  • Example :
    HTTP/1.1 200 OKContent-type: application/json;charset=UTF-8{ "continuationKey": "continuationKey", "voidedPurchaseList ": [ { "purchaseId": "19062709124410111299", "purchaseTime": 1345678900000, "voidedTime": 1345688900000, "purchaseToken": "19062709124410111299", "marketCode": "MKT_ONE" }, { "purchaseId": "19062709124410111300", "purchaseTime": 1345679900000, "voidedTime": 1345878900000, "purchaseToken": "19062709124410111299", "marketCode": "MKT_ONE" } ]}

Standard Response Specifications

Standard response code

Code
Message
Description
HTTP Status Code
대상 API
AccessBlocked
The request was blocked.
요청이 차단되었습니다.
403 - Fobidden
Common
AccessTokenExpired
Access token has expired.
Access 토큰이 만료되었습니다.
401 - Unauthorized
Common
DeveloperPayloadNotMatch
The request developerPayload does not match the value passed in the purchase request.
구매요청 시 전달된 developerPayload값과 일치하지 않습니다.
400 - Bad Request
acknowledgePurchase consumePurchase
InternalError
An undefined error has occurred.
정의되지 않은 오류가 발생하였습니다.
500 - Internal Server Error
Common
InvalidAccessToken
Access token is invalid.
Access 토큰이 유효하지 않습니다.
401 - Unauthorized
Common
InvalidAuthorizationHeader
Authorization header is invalid.
Authorization 헤더의 값이 유효하지 않습니다.
400 - Bad Request
Common
InvalidConsumeState
The purchase consumption status cannot be changed or has already been changed.
소비상태 변경이 불가하거나, 이미 변경완료 되었습니다.
409 - Conflict
consumePurchase
InvalidContentType
The request content-type is invalid.
잘못된 Content Type 입니다.
415 - Unsupported Media Type
Common
InvalidPurchaseState
Purchase history does not exist or is not completed.
구매내역이 존재하지 않거나, 구매완료 상태가 아닙니다.
409 - Conflict
acknowledgePurchase consumePurchase
InvalidRequest
Request parameters are invalid. [ field1, field2, ... ]
입력값이 유효하지 않습니다. [ field1, field2, ... ]
400 - Bad Request
Common
MethodNotAllowed
HTTP method not supported.
지원하지 않는 HTTP Method 입니다.
405 - Method Not Allowed
Common
NoSuchData
The requested data could not be found.
조회된 결과값이 존재하지 않습니다.
404 - Not Found
getPurchaseDetails getRecurringPurchaseDetails
RequiredValueNotExist
Request parameters are required. [ field1, field2, ... ]
필수값이 존재하지 않습니다. [ field1, field2, ... ]
400 - Bad Request
Common
ResourceNotFound
The requested resource could not be found.
요청한 자원이 존재하지 않습니다.
404 - Not Found
Common
ServiceMaintenance
System maintenance is in progress.
서비스 점검중입니다.
503 - Service Temporarily Unavailable
Common
Success
The request has been completed successfully.
정상처리 되었습니다.
200 - Success
acknowledgePurchase consumePurchase cancelRecurringPurchase reactivateRecurringPurchase
UnauthorizedAccess
Not authorized to this API.
해당 API에 접근권한이 없습니다.
403 - Fobidden
Common

Standard error response specifications

Server API returns the standard error response in the same format as the example below when the error occurs other than the normal response. Refer to the following content.
  • Response Body : JSON format
    Element Name
    Data Type
    Data Size
    Description
    code
    String
    -
    Response code
    message
    String
    -
    Response message
    result
    Object
    -
  • Example
    HTTP/1.1 400 Bad RequestContent-type: application/json;charset=UTF-8{ "error" : { "code" : "NoSuchData", "message" : "The requested data could not be found." }}

Common Code

In-app type code

Code
Name
Description
inapp
Managed Product
Consumable/non-consumable/non-renewable in-app
auto
Monthly auto-renewal product
Monthly auto-renewal in-app
all
All in-apps
Managed product + Monthly auto-renewal product

Market identification code

Code
Name
Description
MKT_ONE
ONE store
ONE store market identification code
MKT_STM
Storm+
Storms+ market identification code
Last modified 11mo ago