Amaya CloudStore

Admin panel, Rest Full API, Server-side validating In-App purchase

About the project

AmayaSoft has been developing educational games for children on Android and iOS for over 10 years now.

Our task was to develop software for user purchase validation and in-app purchase management.

Amaya CloudStore

Why is it necessary to check In-app purchases?

  • To validate a purchase that has just been made

    Back when many people had Jailbreak, this was a serious issue: there were certain utilities to forge checks. Now this problem is no longer relevant, as Jailbreak has become less common.

  • When restoring purchases

    If a user reinstalls your app or runs it from another device, you must give them access to the functionality for which they have already paid. By decrypting the App Store receipt, you can find out if an in-app purchase was made.

  • When purchasing automatically renewable subscriptions

    To determine the current subscription status and expiration date.

  • To manually manage user purchases

    It is sometimes necessary to credit purchases to the user in case of a dispute or loss of access, or when certain results are achieved.

How does the purchase verification process work?

The server checks the validity of the purchase on the market, and then saves the purchase information in the database and links it to the user's account or app ID.

In-app purchase validating

Since all purchase information is stored on the server, the app has the following scenarios:

  1. To check the availability of paid content
  2. To restore user purchases

Web application


We have developed an easy-to-use admin panel for administrators and moderators to view and manage purchases. In fact, the server makes it possible to manage several mobile apps on the same platform simultaneously. To do this, the moderator just needs to add the apps in the web interface, specify app bundles, keys, fill in the products and their product IDs from the markets - then the server is ready to validate users' purchases.


Adding a new store

All of the user's personal data is stored in the database in a strictly encrypted form.


Together with the customer, we drafted the main scenarios under which the application would work. It was important to allow quick parameter changes for some entities and exclude accidental editing or deletion for others.

We took all these cases into account when designing the interface. The tables use fast editing of cells, objects are deleted with the possibility of recovery, and the interface gives warnings about unsaved changes. We also added search filters, sorting, tips and differentiation of access rights - things that make up a convenient data management system.


PostgreSQL is used as a database, Node.js with TypeScript is used as a server-side programming language, and the web application is written using the Angular framework.