English
Search
K

Test & Security

Overview

ONE store supports the billing test for in-app product in the development environment (hereafter Sandbox) or in the commercial billing environment (hereafter commercial test).
Sandbox is not the commercial billing environment but the virtual one. If you select the response you want either billing failure or billing success on the billing screen, Sandbox will send the corresponding response result.
The commercial test performs the billing of the corresponding in-app product in the commercial billing environment and sends the billing result.
If the billing is not cancelled in the commercial test environment, it could lead to a charge, and therefore the billing must be cancelled after the billing test.
주의사항
  • All in-app products must be tested at least once in Sandbox. If there is even one in-app which has not been tested, then the ‘Request for Review’ button will not be activated.
  • To perform test in the development and commercial environments, ONE store ID must be registered as test ID prior to the test. Note that if you conduct the test with ONE store ID, which has not been registered as test ID, the test in Sandbox will not be available, and in the commercial test environment, the actual commercial billing, not the test commercial billing, will be performed, thereby leading to a charge.
  • ONE store shall not be liable for any payments made by the test ID. The test ID management and billing test must be performed under the supervision of the person in charge in the developer.

In-App Billing Test Process

In-App Billing Test Screen

If you click on the ‘Billing Test’ button on the ‘Developer Center > Apps > Select In-Apps >In-App Information’ screen, then the in-app billing test screen will be provided.
You can manage test ID or search the billing test result in the in-app billing test screen.

Register/Manage Test ID

You must register test ID to perform the in-app billing test in the development and commercial environments.
If you select the ‘Test ID mgmt.’ tab on the in-app billing test screen, you will be moved to the test ID management screen.
The test ID is the same as ONE store ID, and you can register the test ID after checking if you have the ID registered on ONE store.
If you are not registered as ONE store member, run ONE store app and generate ONE store ID for test and then register this ID as test ID.
Refer to ‘Generate ONE store ID’ below on how to generate ONE store ID.
  • Generate ONE store ID

    • Install & execute ONE store app
      First, you must execute ONE store app. If ONE store app is not installed on your device, you must go to https://m.onestore.co.kr and download the app. If you click on the right-sided red ‘Install App’ button on the upper right, the app will be installed.
    • Sign up to ONE store
      If you are a new member, you can sign up to ONE store with your social accounts, including facebook and Google.
    • Consent to ONE store terms and conditions
      If you sign up with the social account you want, you must give consent to the terms and conditions to use ONE store.
      • The red dotted line indicates the required terms to which you MUST consent to use ONE store.
        • ONE store terms and conditions
        • Terms and conditions of electronic financial transactions
        • Terms and conditions of collection and use of personal information
        • Terms and conditions of provision of personal information to a third party
      • The blue dotted line indicates the optional terms and conditions to use additional functions when you use ONE store.
        • Terms and conditions of consent to acceptance of benefits notifications
        • Terms and conditions of collection and use of personal information for provision of customized benefits
        • Terms and conditions of consent to utilize app usage information for provision of customized benefits
      • If you tick the boxes to give consent to the terms using the information and click on the ‘Sign up’ button within the red solid line at the bottom right, you will be moved to the next stage.
    • Select age group
      Finally, choose the using member’s age group. If you are under 14 years old, click on the left-sided white button. If you are 14 years and above, click on the right-sided red button, and then the signup will be completed.
  • Register test ID

    • Search ONE store ID to be used as test ID.
    • After checking ONE store ID, select the billing environment (Sandbox or commercial test) to perform the billing test with this test ID.
    • Enter references, if necessary, and register the test ID by clicking on the registration button.
      You can select only one test ID for one billing environment, and you can change the billing environment settings at any time.
    • With the registered test ID, you can set up the environment in which you will perform the billing test.
    • When you change the test ID billing environment, you must click on the ‘Save’ button to save the new settings.
  • Delete test ID (individual, batch deletion)

    • If the test ID is not valid anymore, you can remove it.
    • You can delete the test IDs individually by clicking on the “Remove” button, or you can remove them in a batch after ticking the multiple test IDs and clicking on the ‘Delete the selected test IDs’ button.
  • Export test IDs to other apps.

    • If you use the same test ID in common for multiple apps, you can export the test ID to other apps.
    • The check box will be activated only for the apps, which can be exported. Select the apps to which the test IDs will be exported and then click on the ‘Export’ button.
      • Note
        • If the binary (apk) is not registered in the targeted app, only the test ID set to Sandbox will be exported.

Billing Test in Sandbox environment (required)

Sandbox is not the commercial billing environment but the virtual one. If you select the response you want either billing failure or billing success on the billing screen, Sandbox will send the corresponding response result.
You can search the history of the billing made in Sandbox at the ‘Sandbox’ tab of the in-app billing test screen, and the billing cancellation is also available.
All in-app products must be tested at least once in Sandbox. If there is even one in-app, which has not been tested, then the ‘Request for Review’ button will not be activated.
The information on the test environment (commercial & Sandbox) will be maintained in the memory while being connected to OSS. If you have changed the test environment of the test ID through Developer Center, you must shut down and re-start the app.
참고사항
  • Sandbox billing test is available only when the test ID is set to Sandbox.
  • For the in-app on which the Sandbox billing test has not been performed, the test value of the in-app will be set to ‘N’. If the test is performed, the value will change to ‘Y’.

Billing Test in Commercial Environment (optional)

The commercial test performs the billing of the corresponding in-app in the commercial billing environment and sends the billing result.
You can search the history of the billing made in the commercial test at the ‘Commercial Test’ tab of the in-app billing test screen, and the billing cancellation is also available.
Unless the billing is cancelled in the commercial test environment, it might lead to a charge, therefore the billing must be cancelled after the billing test.
In case of in-app products registered, payment can be made in commercial environment only if you register with the commercial test ID.
참고사항
  • The billing test is available only when the test ID is set to the commercial test in the commercial test environment.
  • Note that if the billing is made either with the test ID that has not been set to the commercial test, or with ONE store ID that has not been registered as the test ID, the actual commercial billing instead of the test billing will be made, thereby leading to a charge. If the actual commercial billing has been made, immediately send the billing details to ONE store and request the billing cancellation.

Check In-App Billing Test Result & Cancel Billing

You can check the billing status of the in-app billing test history and cancel the billing.
You can search the history of the billing made in Sandbox at the ‘Sandbox’ tab, and the history of the billing made in the commercial test at the ‘Commercial Test’ tab of the in-app billing test screen.
  • Sandbox environment

    • It provides the history of the billing tested in the Sandbox environment.
    • You can search the paid in-app information and billing status, and the billing cancellation is also available.
  • Commercial test environment

    • It provides the history of the billing tested in the commercial test environment.
    • You can search the paid in-app information and billing status, and the billing cancellation is also available.

Security & Authentication

  • Security of In-App Purchase (IAP)

    • ONE store IAP uses the method of checking the signature’s validity for safe billing by confirming whether data is forged or falsified. Mobile apps are exposed to the threat of multiple attacks, and therefore it is recommended to perform signature authentication in the developer’s app or server to minimize such a risk. The following indicates what the developer needs to prepare additionally for safer IAP.
    • Use the developer’s server
      • To disturb the attacks using APK Reverse Engineering, etc., store the implementation code and public key, etc. in the server, and perform authentication.
      • In addition, when you store the purchase information, it is better to use the developer server’s storage rather than the terminal’s storage and then to confirm the permission to use the item.
    • Use the changed code
      • The sample code provided by ONE store is open to many people, and therefore it is recommended to revise the code before using it instead of using the original one. If you use the same code, you might be easily exposed to the attacks as much
      • It is better to protect the code related to the billing by using code obfuscation tools, including Proguard.
      • Even the public key, it is not a safe way to put a plain string inside the app code. It is safe to prevent easy exposure by XORing with other strings to block the attackers from easy access.
    • Use the ‘developerPayload’ field at the request of billing
      • You can make the review on the billing result more secure by putting additional data for security review, including timestamp, into this field.
  • How to authenticate ONE store IAP

    • Prepare authentication
      • Use the RSA approach for the key algorithms for authentication, and use ‘SHA512withRSA’ as the algorithm for signature.
        For the signature verification key, refer to ‘Check License Key (public key) & OAuth Credentials’ in the Pre-preparations page
        Store and use the value of signature verification key appropriately depending on where the authentication is performed, such as the terminal or server.
    • Signature authentication sample code
      • SDK provides the 'AppSecurity' utility class and you can perform the signature authentication by using the 'verifyPurchase' method.
        If the developer wants to directly perform the signature authentication without using the SDK, he/she is required to implement the code in person that performs the same function as 'AppSecurity'.
        For details about the implementation, refer to the sample distributed with the SDK library.
Last modified 13d ago