In-App Subscriptions SDK

Implement secure subscription handling across mobile and web platforms.

Written By despia

Last updated About 1 year ago

Overview

The Despia In-App Subscription SDK enables secure in-app purchases across iOS, Android, and web platforms. It provides a seamless way to implement subscription-based features in your mobile applications with enhanced security features and native validation through Apple StoreKit and Google Billing Center.

Key Features

  • Server-side webhooks for subscription status updates

  • Native validation through Apple/Google payment systems

  • Real-time transaction verification

  • Automatic receipt validation

  • Support for both consumable and non-consumable purchases

  • Cross-platform compatibility (iOS, Android, Web)

Prerequisites

Before implementing in-app subscriptions:

  • Published Despia mobile application

  • Apple Developer account or Google Play Developer account

  • Configured bank account in respective app stores

  • Completed tax forms and business information

  • Product IDs set up in App Store Connect/Google Play Console

Basic Implementation

1. Initialize Purchase

// Call In-App Subscription SDK const product_id = args.package const expired_url = args.expired_url window.despia = `inapppurchase://?package=${product_id}&successful_url=""&expired_url=${expired_url}`

2. Variable Tracker Implementation

class VariableTracker { constructor(variables, onReady) { this.variables = variables; this.onReady = onReady; this.triggered = false; this.processing = false; // Create tracker element this.tracker = document.createElement('div'); this.tracker.style.display = 'none'; document.body.appendChild(this.tracker); // Setup observer with debounce let timeout; this.observer = new MutationObserver(() => { clearTimeout(timeout); timeout = setTimeout(() => this.check(), 100); }); // Start observing and checking this.observer.observe(this.tracker, { attributes: true }); this.check(); this.interval = setInterval(() => this.check(), 1000); } check() { if (this.processing || this.triggered) return; this.processing = true; try { const values = {}; const allSet = this.variables.every(name => { const val = window[name]; // Check for undefined, "n/a" string, or null values if (val === undefined || val === "n/a" || val === null) return false; values[name] = val; return true; }); if (allSet && !this.triggered) { this.triggered = true; this.cleanup(); this.onReady(values); } } catch (err) { console.log("onError"); // Return Error } this.processing = false; } cleanup() { this.observer.disconnect(); clearInterval(this.interval); this.tracker.remove(); } }

3. Track Purchase Variables

// Observe Payment Variables new VariableTracker( ['planID', 'transactionID', 'subreceipts', ], values => console.log("onSuccess", { // Log Subscription Data plan: values.planID, transaction: values.transactionID, receipt: values.subreceipts }) );

Purchase Flow

Initial Purchase

  • User triggers purchase through your UI

  • SDK initiates native purchase flow

  • Returns transaction data including receipt and ID

Validation

  • SDK automatically validates purchase with platform

  • Returns base64 encoded receipt data

  • Server can verify with Apple/Google APIs

Success Handling

  • Receive transaction ID and receipt

  • Send to your server with user authentication

  • Update user access/permissions

Security Best Practices

Receipt Validation

  • Always validate receipts server-side

  • Use Apple/Google APIs for verification

  • Store transaction IDs for reference

User Authentication

  • Link purchases to authenticated users

  • Include device ID or auth token with validation

  • Prevent unauthorized access sharing

Webhook Handling

  • Implement secure webhook endpoints

  • Verify webhook authenticity

  • Process subscription updates in real-time

Testing Tips

Sandbox Testing

  • Use consumable products for repeated testing

  • Create test accounts in App Store/Play Console

  • Verify webhook functionality in test environment

Common Issues

  • Ensure bank account is linked in developer console

  • Verify product IDs match exactly

  • Check user agent detection for platform-specific code

Need Help?

If you need assistance implementing the SDK or have questions, contact our support team at support@despia.com

Last updated: March 2025