I've tried so many things in the last days but now I'm out of ideas :(
I want to verify an inAppPurchase that has been made in my android app.
1) I created a new service account in the google API console.
1a) The service account is listed unter permissions and has "can view" permission
2) I'm using the most current version of https://github.com/google/google-api-php-client
3) code snippet from my PHP script:
$client = new Google_Client();
$client->setApplicationName('myAppName' );
$client->setClientId('123456789123-vxoasdt8qwe6awerc9ysdfmjysdfysf64werweria8fh.apps.googleusercontent.com');
$key = file_get_contents('/shr/data/stor/b516cexx3123asdf3988345d8133e7f86bfas2553-privatekey.p12');
$service_account_name = '123456789123-vxoasdt8qwe6awerc9ysdfmjysdfysf64werweria8fh@developer.gserviceaccount.com';
$client->setScopes(array('https://www.googleapis.com/auth/androidpublisher') );
$cred = new Google_Auth_AssertionCredentials( $service_account_name, array('https://www.googleapis.com/auth/androidpublisher'), $key );
$client->setAssertionCredentials($cred);
try {
$service = new Google_Service_AndroidPublisher( $client );
$googleApiResult = $service->inapppurchases->get($externalAppId, $externalProductId, $purchaseToken);
} catch (Exception $e) {
var_dump( $e->getMessage() );
}
4) Response from Google:
GET https://www.googleapis.com/androidpublisher/v1.1/applications/de.test.myapp/inapp/de.test.inapp.google.balance5eur/purchases/[PURCHASETOKEN]: (401) The current user has insufficient permissions to perform the requested operation.
[PURCHASETOKEN] is the purchase token I received from google
5) Setting $cred->sub = '[email protected]' to my mail address brings up
Error refreshing the OAuth2 token, message: '{ "error" : "unauthorized_client", "error_description" : "Unauthorized client or scope in request." }'
Ok I found the solution!
You must to connect your API with your app. You must go to your Google Play publish page (https://play.google.com/apps/publish) and invite a user with the service account email in Settings->User account & rights->Invite new user and give it the privileges of "View financial reports".
This means that, whereas you normally might see a number of users from your domain listed in the Google Play Console (Email: [email protected], Role: Finance; Email: [email protected], Role: Administrator), you will now add another user and give him a Finance role (Email: [email protected], Role: Finance).
Thanks works for me, good luck!