An overview of the Chrome Web Store Licensing API
We recently released a developer preview of the Chrome Web Store, which included new documentation about our upcoming payments and licensing API. With this blog post, we wanted to share a quick overview and some tips about this API so that you can start developing your apps with it.
The Chrome Web Store will offer a built-in payments system that allows you to charge for apps, making it easy for users to pay without leaving the store. If you want to work with this payments system in your apps, you can use the Chrome Web Store Licensing API to verify whether a given user has paid and should have access to your app. Here’s how the API works:
The Licensing API has two inputs: the app ID and the user ID. The app ID is a unique identifier that’s assigned to each item uploaded to the store. You can see it most easily in the URL of your detail page—for example, .../detail/aihcahmgecmbnbcchbopgniflfhgnkff.
The user ID is the OpenID URL corresponding to the user’s Google Account. You can get the OpenID URL for the current user either by using Google App Engine’s built-in OpenID support or by using a standard OpenID library and Google’s OpenID endpoint.
Given the app ID and the user ID, you make Licensing API requests using this URI:
When your app makes an HTTP request to the Licensing API, the app needs to be authenticated. The app is authenticated by matching your Google Account that uploaded the app to the Google Account used to call the API.
There are a few ways the app can indicate the Google Account used to make the API call. For the Chrome Web Store Licensing API, we highly recommend the use of OAuth for Web Applications. In this approach, OAuth access tokens are used to identify the Google Account calling the API.
You can obtain the necessary token via the Chrome Developer Dashboard by clicking the “AuthToken” link for your app. (This link appears only if your app uses Chrome Web Store Payments.) You’ll need this OAuth token to sign the HTTP requests to call the Licensing API. The best way to sign your requests is with a standard OAuth library.
The OAuth tokens that the Chrome Developer Dashboard provides are limited in scope, which means that they can only be used to make Licensing API calls. They can’t be used to make calls to other authenticated Google APIs or for anything else.
Once you’re ready to make authenticated calls, give the API a try by making your first request. For more information read the Licensing API docs, try out the Getting Started tutorial, check out the samples, and watch the video below:
Note that current version of the Licensing API is a stub, which means that it doesn’t return live data that’s based on purchases just yet. Instead, it returns dummy responses that you can use to verify the various scenarios of your implementation. However the protocol, response format, and URL endpoints of the API are all final, so your implementation shouldn’t need to change before the final launch of the store.
We look forward to receiving your feedback on the current Licensing API implementation at our developer discussion group.