Hi, my name is Carl and I am a Software Engineeron the Google Chrome team.
In this video, I will describe how to integrate with theChrome Web Store Licensing API.
Suppose you are creating a web app.
The ChromeWeb Store makes it easy to charge people to use that app wherever it is running.
Userswill purchase access to your app right from the Chrome Web Store.
To check whether a userhas paid for your app, use the Chrome Web Store’s licensing API.
The licensing API takes two inputs: the app ID and the user ID.
The app ID is the id the Chrome Web Store assigns to your app when you first createit in the store.
The user ID is the Google-provided OpenIDURL.
Typically, with OpenID the user ID is not shared unless the user explicitly grantspermission to the application; however, Google Chrome grants this permission automaticallywhen the user installs the application.
Users in other browsers will still see an approvalstep.
A number of OpenID libraries may be used todetermine the OpenID URL.
To see a comprehensive list of libraries justvisit http://wiki.
Some specific OpenID libraries you can exploreare the following: For Java you can try OpenID4Java.
For Python try using Google App Engine’s Django OpenID.
You can find more information on how to use OpenID in our documentation.
The Chrome Web Store doesn’t allow just anyone to call the licensing API.
The storewill check that the caller is authorized to make a licensing API check for a given app.
In this way we provide separation among the licensing data for various apps.
The developer that creates a web app in the Chrome Web Store is the only user with permissionto call the licencing API for that app.
In order to securely authenticate the ownerof an application, we use OAuth access tokens.
These tokens prove that you have the rightto call the API.
We automatically provide you with an OAuthaccess token in the developer dashboard for each app you own.
An OAuth access token isreally a token and a token secret, but I just refer to them as an access token.
To create a token, go to the developer dashboard and follow the link labeled “AuthToken”.
The next page explains what you need the token for and at the bottom of the page, you willsee a button to generate the OAuth access token.
When you click that button you will see the values for oauth_token and oauth_token_secretfill in.
Those tokens are scoped so they will onlywork to access the Chrome Web Store licensing API and cannot be used to access other informationfrom Google.
Please note that the Chrome Web Store willnot display these values more than one time for security reasons, so, don’t forget tocopy them to a secure location before you leave the page.
If necessary, you can returnlater to generate a new access token.
Now you should have all the data you needto call the licensing API: An OAuth access tokenA User ID and an App ID.
Let’s look at the details of calling the API using HTTP.
The licensing API endpoint is simply a URL containing the app ID and the user ID.
Theapp and user IDs must be URL-encoded.
To call the licensing API, you need to addOAuth signature parameters.
You can use an OAuth library to sign the HTTP requests.
Html for a list of libraries that may be used toperform these API calls in various web development languages.
The signing step needs the following pieces of data:The consumer key: This is always “anonymous”.
The consumer secret: This is also always “anonymous”.
The token and the token secret.
The consumer key and consumer secret are anonymousbecause you, the developer, are granting access to the application you own.
JSON is the default response format for API requests.
This response will indicate whetherthe user should be granted permission to use your app.
If you prefer the ATOM format, you can specify alt=atom in the URL.
To learn more about the Chrome Web Store and how to integrate with our licensing API, justvisit code.