4

I'm working on an Azure Function that will call Google Play API to verify a purchase after a user makes an in-app purchase in my mobile app.

I created a service account on Google Cloud Platform and set it as "Owner" but so far my Azure Functions is failing with the following error when I try to verify a purchase:

Google.GoogleApiException: 'The service androidpublisher has thrown an exception. HttpStatusCode is Unauthorized. The current user has insufficient permissions to perform the requested operation.'

So, I go to IAM and edit the service account to add additional roles but I'm TOTALLY confused about which roles to add.

I also tried it from Google Play Console > API Access > Service Accounts -- see below: enter image description here

Under permissions, I selected:

  • View financial data, orders, and cancellation survey responses
  • Manage orders and subscriptions

I did this under both "App Permissions" and "Account Permissions" tabs -- see below:

enter image description here

Any idea what I'm doing wrong or not doing? As I mentioned, all I need is to use this service account in my Azure Functions app to make API calls to Google Play to verify purchases.

Sam
  • 26,817
  • 58
  • 206
  • 383
  • Show the code that is creating the Access Token. Google Cloud does not provide an IAM Role for Google Play as Google Cloud and Google APIs are different services. When you create the token you request a Google Play **scope**. Scopes are permissions. I do not work with Google Play, but this page lists the Play scopes: https://developers.google.com/identity/protocols/oauth2/scopes#androidpublisher You mention Google Play Order verification. I am not sure which scopes are required for purchases. Hopefully, this will help you figure this out. Usually, the API tells you which scopes are required. – John Hanley Apr 09 '22 at 06:38
  • I believe OAuth accounts use access tokens. This is a service account so it uses Id and a key. I created the service account on Google Cloud Platform console — see first image. Then in Google Play Console, I added this service account and gave it the necessary permissions — see second image. Hope this makes sense. – Sam Apr 09 '22 at 07:11
  • Edit your question and include the code that generates the access token. The item I am looking for is how you are requesting scopes at the time you request the token. None of the images in your question apply to your problem. – John Hanley Apr 09 '22 at 07:27
  • It's quite possible that I'm getting this wrong but here's what I've done: I created a service account for my backend API to use. When I created it, it created a `JSON` file for me which I downloaded. This `JSON` file contains things like `client_email` and `private_key`. So, in my Azure Functions code, I'm using `client_email` as the Google Play Account and `private_key` as the Google Play Key. Clearly, this approach is wrong because it's not working. Am I supposed to call and obtain a token? – Sam Apr 11 '22 at 06:10
  • Hi, @Sam! Have you solved your problem? – Cubius Oct 26 '22 at 09:48
  • I have the same problem – stavros.3p Jul 26 '23 at 15:12

0 Answers0