Android Authorize and Authenticate Technical Documents

Created: 5 years ago, Edited: 4 years ago

**We will keep these documents up to date and continually improve their quality and detail; please visit again frequently.**

What is the role of's service?

Android Gateway authorization and authentication service is a uniform network-based service that lets a paid Android application running on any Android-powered device query a trusted licensing server to determine whether the application is licensed to the current device user. After receiving the server response, the application can then allow or disallow further use of the application as needed. The role of the Android Gateway authorization and authentication service is to provide the authorization and authentication status for the current device user; the application itself is responsible for querying the service and conditionally granting access to the application.

How to make use of's service?

It is easy to make use of's authorization and authentication service. has open-sourced a client project, Auth Library; you can check out the source code from

Generally speaking, provides three RESTful web service interfaces: authorize, authenticate and refund. Developers only need to communicate with the authorize and authenticate web services. The refund web service is for our partner marketplaces and stores.

Authorization

Authorization takes place the first time a paid Android application is launched after it has been downloaded from an app store. The paid application, with the built-in Auth Library, communicates with the authorize RESTful web service. In this exchange, the Auth Library passes developerAPI, productKey, deviceID and token to the server. The server verifies the data passed in, contacts the app store where the application was purchased to validate the token, and returns the status to the Auth Library. The application itself then conditionally grants access.

Authentication

After the paid application has been authorized, each time the application is launched it invokes the Auth Library to call the authenticate RESTful web service, passing in developerAPI, productKey and deviceID. will verify the data passed in and return the authentication status to the Auth Library; the application itself then conditionally grants access.

Auth Library

Auth Library is the open source authorization and authentication client, which can be embedded into an Android application to communicate with to verify the application's access status. Currently, Auth Library has two implementations: an HTTP connection based on Apache Http and a REST template connection based on Spring Mobile. The source code can be checked out from


    public boolean authorize(String developerApi, String productKey, String deviceId, String token);
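The authorize-then-authenticate flow described above, sketched as an added example that is not part of the Auth Library source. The `AuthClient` interface, the `authenticate` signature, `FakeServer`, `mayRun`, the fail-closed policy and all sample values are assumptions made for illustration; only the `authorize` signature comes from this page.

```java
import java.util.HashSet;
import java.util.Set;

public class LicenseGateExample {
    // authorize() matches the signature shown on this page; authenticate() is an assumed counterpart.
    interface AuthClient {
        boolean authorize(String developerApi, String productKey, String deviceId, String token) throws Exception;
        boolean authenticate(String developerApi, String productKey, String deviceId) throws Exception;
    }

    // Constructed in-memory stand-in for the remote service; it accepts one constructed store token.
    static class FakeServer implements AuthClient {
        private final Set<String> licensed = new HashSet<>();
        public boolean authorize(String api, String key, String dev, String token) {
            if (!"store-token-123".equals(token)) return false; // the real server validates with the app store
            licensed.add(api + "|" + key + "|" + dev);
            return true;
        }
        public boolean authenticate(String api, String key, String dev) {
            return licensed.contains(api + "|" + key + "|" + dev);
        }
    }

    // Assumed policy: grant access only on a positive server answer; every other outcome denies.
    static boolean mayRun(AuthClient client, String api, String key, String deviceId, String firstLaunchToken) {
        if (deviceId == null || deviceId.isEmpty()) return false; // the device ID may be unavailable (null)
        try {
            if (firstLaunchToken != null) {                        // first launch after download
                return client.authorize(api, key, deviceId, firstLaunchToken);
            }
            return client.authenticate(api, key, deviceId);        // every later launch
        } catch (Exception e) {
            return false;                                          // fail closed on network or server errors
        }
    }

    public static void main(String[] args) {
        AuthClient server = new FakeServer();
        System.out.println(mayRun(server, "dev-api", "prod-key", "device-A", "store-token-123")); // first launch
        System.out.println(mayRun(server, "dev-api", "prod-key", "device-A", null));              // later launch
        System.out.println(mayRun(server, "dev-api", "prod-key", "device-B", null));              // never authorized
        System.out.println(mayRun(server, "dev-api", "prod-key", null, null));                    // no device ID
        System.out.println(mayRun(server, "dev-api", "prod-key", "device-C", "forged-token"));    // rejected token
    }
}
```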


Basic tips to protect your Android application investment

How to obtain the device ID on an Android device:

getDeviceId() returns the unique device ID, for example the IMEI for GSM phones and the MEID or ESN for CDMA phones. It returns null if the device ID is not available.

From the activity class or a subclass, call

    // Inside an Activity (or subclass); the result may be null if no device ID is available.
    TelephonyManager telephonyManager = (TelephonyManager) getSystemService(Context.TELEPHONY_SERVICE);
    String deviceId = telephonyManager.getDeviceId();

You should also add the following permission to your Manifest.xml file: