仓廪实则知礼节,衣食足则知荣辱。这篇文章主要讲述android in-app billing v3 api中的开发者有效负载应该是多少?相关的知识,希望能为你提供帮助。
【android in-app billing v3 api中的开发者有效负载应该是多少()】我正在我的应用中实施应用内结算以解锁高级功能。应用内结算功能设置正确。除了“开发者有效载荷”之外,一切似乎都很好。
示例应用程序说
/*
* TODO: verify that the developer payload of the purchase is correct. It will be
* the same one that you sent when initiating the purchase.
*
* WARNING: Locally generating a random string when starting a purchase and
* verifying it here might seem like a good approach, but this will fail in the
* case where the user purchases an item on one device and then uses your app on
* a different device, because on the other device you will not have access to the
* random string you originally generated.
*
* So a good developer payload has these characteristics:
*
* 1. If two different users purchase an item, the payload is different between them,
*so that one user's purchase can't be replayed to another user.
*
* 2. The payload must be such that you can verify it even when the app wasn't the
*one who initiated the purchase flow (so that items purchased by the user on
*one device work on other devices owned by the user).
*
* Using your own server to store and verify developer payloads across app
* installations is recommended.
*/
示例应用程序使用空字符串作为开发人员负载。我的问题是用作开发人员有效负载的字符串是什么?我可以使用用户的主电子邮件ID吗?答案请检查以下答案,它可能解决了您的问题:
如果您正在使用耗材项目(托管项目),那么您可以使用随机生成的字符串
第1步:在创建方法之前声明:
private static final char[] symbols = new char[36];
static {
for (int idx = 0;
idx <
10;
++idx)
symbols[idx] = (char) ('0' + idx);
for (int idx = 10;
idx <
36;
++idx)
symbols[idx] = (char) ('a' + idx - 10);
}
第2步:在您的活动中设置RandomString和SessionIdentifierGenerator类
public class RandomString {/*
* static { for (int idx = 0;
idx <
10;
++idx) symbols[idx] = (char)
* ('0' + idx);
for (int idx = 10;
idx <
36;
++idx) symbols[idx] =
* (char) ('a' + idx - 10);
}
*/private final Random random = new Random();
private final char[] buf;
public RandomString(int length) {
if (length <
1)
throw new IllegalArgumentException("length <
1: " + length);
buf = new char[length];
}public String nextString() {
for (int idx = 0;
idx <
buf.length;
++idx)
buf[idx] = symbols[random.nextInt(symbols.length)];
return new String(buf);
}}public final class SessionIdentifierGenerator {private SecureRandom random = new SecureRandom();
public String nextSessionId() {
return new BigInteger(130, random).toString(32);
}}
第3步:将有效负载传递到您的购买请求中:
RandomString randomString = new RandomString(36);
System.out.println("RandomString>
>
>
>
" + randomString.nextString());
/* String payload = "";
*/
// bGoa+V7g/yqDXvKRqq+JTFn4uQZbPiQJo4pf9RzJ
String payload = randomString.nextString();
Log.e("Random generated Payload", ">
>
>
>
>
" + payload);
Log.d(TAG, "Launching purchase flow for infinite gas subscription.");
mHelper.launchPurchaseFlow(this, SKU_GAS,
IabHelper.ITEM_TYPE_INAPP, RC_REQUEST,
mPurchaseFinishedListener, payload);
有关更多信息,请访问此链接:qazxsw poi
希望它能解决你的问题。
另一答案对我来说,随机字符串没有用,因为它首先需要依赖于购买它的用户,而不是购买它的设备。其次,它是非消耗品,所以空字符串可能适合,但不是理想的。
所以我的方法是基于密钥创建加密的哈希。每次进行购买时,它都是唯一可识别的,因为散列应该永远不会相同(这取决于散列方法,例如bcrypt)。
由于所有设备上的密钥都相同,因此可以轻松解密并验证密码消息是否正确。
为了使密钥保持秘密,我使用了各种字符串操作函数来掩盖它,因此它不会以可见的方式存储。
文本管理的一个例子可以在这里找到:Token that identify the user
Android In App Billing: securing application public key
这种基于密钥创建散列的方法允许有效载荷是唯一且可识别的,同时具有合理的安全性。它不是防弹的,但它确实很难破解。
推荐阅读
- Google InApp结算测试购买
- App Rejected - Uploaded new binary - In App Purchase - 需要开发人员操作 - 等待审核
- 可以在Android中升级测试订阅吗()
- 检查Google In App订阅续订状态
- 我是否可以为我的iPhone App客户提供推荐信用于注册新订阅客户
- Android InApp购买 - 如何处理待处理状态()
- SKPaymentTransactionObserver`应用内购买无法在iTunes连接上的App Store上推广,但代理实施和测试
- Android(在App Purchased list queryInventoryAsync中,Google返回错误的购买列表)
- iTunes Connect In App Purchase免费试用期限何去()