In-App Purchase SDK

Add in-app purchases to your app securely.

Written By despia

Last updated About 1 year ago

Overview

The Despia In-App Purchase SDK v2 enables secure in-app purchases across iOS, Android, and web platforms. This new version introduces enhanced security features, server-side webhooks, and native validation through Apple StoreKit and Google Billing Center.

Important: Publish a new version via TestFlight to test and use In-App Purchases with the V2 SDK.

Key Features

  • Server-side webhooks for subscription status updates

  • Native validation through Apple/Google payment systems

  • Real-time transaction verification

  • Automatic receipt validation

  • Support for both consumable and non-consumable purchases

  • Cross-platform compatibility (iOS, Android, Web)

Prerequisites

Before implementing in-app purchases:

  1. Published Despia mobile application

  2. Apple Developer account or Google Play Developer account

  3. Configured bank account in respective app stores

  4. Completed tax forms and business information

  5. Product IDs set up in App Store Connect/Google Play Console

Basic Implementation

1. Initialize Purchase

const product_id = "yourproductid"; // Your Product ID
const consumable = false; // Set true for consumable purchases
const baseUrl = 'inapppurchase://?package=' + product_id;

// iPhone and iPad builds take no consumable flag; other platforms do.
const finalUrl = navigator.userAgent === "despia-iphone" || 
                navigator.userAgent === "despia-ipad"
    ? `${baseUrl}&successful_url=""`
    : `${baseUrl}&successful_url=""&consumable=${consumable}`;

// Assigning the URL to window.despia starts the purchase.
window.despia = finalUrl;

2. Variable Tracker Implementation

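// Watches the named window globals and calls onReady once, when all of them
// are set (undefined and "n/a" both count as not yet set).
class VariableTracker {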
    constructor(variables, onReady) {
        this.variables = variables;
        this.onReady = onReady;
        this.triggered = false;
        this.processing = false;
        
        // Create tracker element
        this.tracker = document.createElement('div');
        this.tracker.style.display = 'none';
        document.body.appendChild(this.tracker);
        
        // Setup observer with debounce
        let timeout;
        this.observer = new MutationObserver(() => {
            clearTimeout(timeout);
            timeout = setTimeout(() => this.check(), 100);
        });
        
        this.observer.observe(this.tracker, { attributes: true });
        this.check();
        this.interval = setInterval(() => this.check(), 1000);
    }

    check() {
        if (this.processing || this.triggered) return;
        this.processing = true;

        try {
            const values = {};
            const allSet = this.variables.every(name => {
                const val = window[name];
                if (val === undefined || val === "n/a") return false;
                values[name] = val;
                return true;
            });

            if (allSet && !this.triggered) {
                this.triggered = true;
                this.cleanup();
                this.onReady(values);
            }
        } catch (err) {
            console.error("Error during check:", err);
        }
        
        this.processing = false;
    }

    cleanup() {
        this.observer.disconnect();
        clearInterval(this.interval);
        this.tracker.remove();
    }
}

3. Track Purchase Variables

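// Demo handler: it only logs the values. In production, send them to your
// server for validation instead (see Purchase Flow, step 3).
new VariableTracker(
    ['planID', 'transactionID', 'subreceipts'],
    values => console.log("Purchase Success", {
        plan: values.planID,
        transaction: values.transactionID,
        receipt: values.subreceipts
    })
);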

Purchase Flow

  1. Initial Purchase

    • User triggers purchase through your UI

    • SDK initiates native purchase flow

    • Returns transaction data including receipt and ID

  2. Validation

    • SDK automatically validates purchase with platform

    • Returns base64 encoded receipt data

    • Server can verify with Apple/Google APIs

  3. Success Handling

    • Receive transaction ID and receipt

    • Send to your server with user authentication

    • Update user access/permissions

Security Best Practices

  1. Receipt Validation

    • Always validate receipts server-side

    • Use Apple/Google APIs for verification

    • Store transaction IDs for reference

  2. User Authentication

    • Link purchases to authenticated users

    • Include device ID or auth token with validation

    • Prevent unauthorized access sharing

  3. Webhook Handling

    • Implement secure webhook endpoints

    • Verify webhook authenticity

    • Process subscription updates in real-time
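
The server-side handling described in Purchase Flow step 3 and in the Receipt Validation and User Authentication items above, as an added example that is not Despia's own code. It treats the client's values as claims, trusts only the store's verification result, and binds each transaction ID to one authenticated account. Assumptions: all function names are hypothetical, `verifyWithStore` stands in for the Apple/Google verification call, and `planID` is assumed to carry the store product ID.

```javascript
// Added example, not Despia code. All function names here are hypothetical.
// verifyWithStore stands in for the Apple/Google verification API; it is
// injected (and synchronous) so the example runs offline.
// Assumption: planID carries the store product ID.
// userId must come from the server's own session, never from the request body.

function grantPurchase(ledger, userId, claim, verifyWithStore) {
  const { planID, transactionID, subreceipts } = claim || {};
  // Reject unset values, including the "n/a" placeholder the tracker skips.
  for (const v of [userId, planID, transactionID, subreceipts]) {
    if (typeof v !== 'string' || v === '' || v === 'n/a') {
      return { ok: false, reason: 'missing_field' };
    }
  }
  // The store's answer is authoritative; client-supplied IDs are only claims.
  const verified = verifyWithStore(subreceipts);
  if (!verified || !verified.valid) return { ok: false, reason: 'invalid_receipt' };
  if (verified.transactionId !== transactionID || verified.productId !== planID) {
    return { ok: false, reason: 'claim_mismatch' };
  }
  // Bind each transaction ID to exactly one authenticated account.
  const owner = ledger.get(verified.transactionId);
  if (owner === undefined) {
    ledger.set(verified.transactionId, userId);
    return { ok: true, granted: verified.productId, replay: false };
  }
  if (owner !== userId) return { ok: false, reason: 'owned_by_other_user' };
  return { ok: true, granted: verified.productId, replay: true }; // idempotent retry
}

// Constructed sample data: a fake store that recognises one receipt.
function fakeStore(receipt) {
  const known = new Map([
    ['cmVjZWlwdC0x', { productId: 'pro_monthly', transactionId: 'tx-1001' }],
  ]);
  const hit = known.get(receipt);
  return hit ? { valid: true, ...hit } : { valid: false };
}

const demoLedger = new Map(); // transactionID -> userId; use a unique DB key in production
const demoClaim = { planID: 'pro_monthly', transactionID: 'tx-1001', subreceipts: 'cmVjZWlwdC0x' };
console.log(grantPurchase(demoLedger, 'alice', demoClaim, fakeStore)); // first grant
console.log(grantPurchase(demoLedger, 'alice', demoClaim, fakeStore)); // retry, same user
console.log(grantPurchase(demoLedger, 'bob', demoClaim, fakeStore));   // shared receipt
console.log(grantPurchase(demoLedger, 'bob', { ...demoClaim, planID: 'pro_yearly' }, fakeStore));
```

The in-memory `Map` is only for the demonstration; a database table with a unique constraint on the transaction ID gives the same one-owner guarantee under concurrent requests.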

Testing Tips

  1. Sandbox Testing

    • Use consumable products for repeated testing

    • Create test accounts in App Store/Play Console

    • Verify webhook functionality in test environment

  2. Common Issues

    • Ensure bank account is linked in developer console

    • Verify product IDs match exactly

    • Check user agent detection for platform-specific code

Need Help?

If you need assistance implementing the SDK or have questions, contact our support team at support@despia.com


Last updated: January 2025