Java – How to verify Android In-app Billing with a server with Ruby


I am having trouble figuring out how to verify Androind In-app Billing purchases with my Ruby on Rails server.

I think that Android gives a that has some sort of method to verify on physical device. From my research it seems like either (1) I need to figure out how to use this class with my Ruby on Rails server or (2) I need to port to Ruby.

Is this correct? Does anyone know another way to verify the receipt?

Best Solution

I just figured this out.

Basically the way it works is that when a purchase succeeds the android market sends back a message (formatted in JSON) with the order details and a cryptographic signature. In the class the verify function is making sure that the message really did come from the Android market application by verifying the signature using your public key.

If you want to use your own server in the mix, you simply need to pass the signature and json payload to your server and verify the json payload on your server. If you can verify that the json data came from the market application, you can use it to create your server side order objects. Then you can respond to your client application that the order was processed and update your UI.

What I did in my app is just add in the server communication stuff in the Security class' verify function in place of the existing verify function.

The real trick is writing signature verification code in ruby. Here's what works:

base64_encoded_public_key is your key in your user profile sig is the signature property being passed into the Dungeons security example data is the json string sent back by the market.

require 'rubygems'
require 'openssl'
require 'base64'

base64_encoded_public_key = "YOUR KEY HERE"

key =

verified = key.verify(, Base64.decode64(sig), data )