gpc-sdk-usage
gpc-sdk-usage
Use @gpc-cli/api and @gpc-cli/auth as standalone TypeScript SDK packages for programmatic Google Play access.
When to use
- Building a backend service that interacts with Google Play
- Creating custom dashboards or automation scripts
- Programmatic release management from TypeScript/JavaScript
- Using the typed API client directly (not through the CLI)
- Integrating Google Play operations into a larger application
Inputs required
- Node.js 20+ and TypeScript 5+
- @gpc-cli/api and @gpc-cli/auth packages
- Service account key — JSON file or raw JSON string
Procedure
0. Install packages
npm install @gpc-cli/api @gpc-cli/auth
These are standalone packages — no need to install the full CLI.
1. Authenticate
import { resolveAuth } from "@gpc-cli/auth";
// From file path
const auth = await resolveAuth({
serviceAccountPath: "/path/to/key.json",
});
// From JSON string (e.g., from environment variable)
const auth = await resolveAuth({
serviceAccountJson: process.env.PLAY_SA_KEY,
});
// From environment (GPC_SERVICE_ACCOUNT or GOOGLE_APPLICATION_CREDENTIALS)
const auth = await resolveAuth();
Read: references/auth-patterns.md for advanced auth patterns and token caching.
2. Create API client
import { createApiClient } from "@gpc-cli/api";
const client = createApiClient({
auth,
maxRetries: 3,
timeout: 30_000,
});
The client provides typed access to all 217 Google Play Developer API endpoints across the Android Publisher v3, Play Developer Reporting v1beta1, and (new in v0.9.56) Play Custom App Publishing v1 APIs.
2a. Create the Enterprise client (v0.9.56+)
For private app publishing via the Play Custom App Publishing API, use a separate factory:
import { createEnterpriseClient, type CustomApp } from "@gpc-cli/api";
const enterprise = createEnterpriseClient({ auth });
const app: CustomApp = await enterprise.apps.create(
"1234567890", // developer account ID (int64, from Play Console URL)
"./app.aab", // bundle path
{
title: "My Private App",
languageCode: "en_US",
organizations: [{ organizationId: "customer-org-id" }],
},
);
console.log("Assigned package name:", app.packageName);
// com.google.customapp.A1B2C3D4E5 (Google-assigned, you cannot influence)
Notes:
- Private apps are permanently private. Once created, they cannot be made public.
- After creation, subsequent operations (version uploads, tracks, listings) go through the regular
createApiClient()using the returnedpackageName. - Requires the "create and publish private apps" permission on your service account in Play Console.
- The underlying
HttpClient.uploadCustomApp<T>(path, filePath, metadata, contentType)method handles a multipart resumable upload where the initial session-initiation POST carries the JSON metadata. SeeResumableUploadOptions.initialMetadatafor reusing this pattern with other Google APIs.
See the gpc-enterprise skill for the CLI equivalent and full setup walkthrough.
Read: references/api-reference.md for the complete client API with all namespaces and methods.
3. Edit lifecycle
Most Google Play operations require an edit session:
const APP = "com.example.app";
// 1. Create an edit
const edit = await client.edits.insert(APP);
// 2. Make changes within the edit
const tracks = await client.tracks.list(APP, edit.id);
const details = await client.details.get(APP, edit.id);
// 3. Validate before committing
await client.edits.validate(APP, edit.id);
// 4. Commit the edit (applies all changes)
await client.edits.commit(APP, edit.id);
// Optional: commit with options (v0.9.51+)
await client.edits.commit(APP, edit.id, {
changesNotSentForReview: true,
changesInReviewBehavior: "HALT_REVIEW",
});
Important: Only one edit can be open at a time. Always commit or delete edits.
4. Common patterns
Upload a release
const edit = await client.edits.insert(APP);
// Upload the bundle
const bundle = await client.bundles.upload(APP, edit.id, "app-release.aab");
// Upload with device tier config (v0.9.51+)
const bundle2 = await client.bundles.upload(APP, edit.id, "app-release.aab", {
deviceTierConfigId: "my-tier-config",
});
// Set the track
await client.tracks.update(APP, edit.id, "beta", {
track: "beta",
releases: [{
versionCodes: [bundle.versionCode],
status: "completed",
releaseNotes: [
{ language: "en-US", text: "Bug fixes and improvements" },
],
}],
});
// Commit
await client.edits.validate(APP, edit.id);
await client.edits.commit(APP, edit.id);
List and respond to reviews
// No edit needed for reviews
const reviews = await client.reviews.list(APP, {
maxResults: 50,
translationLanguage: "en",
startIndex: 0, // pagination offset (v0.9.51+)
});
for (const review of reviews.reviews ?? []) {
if (review.comments?.[0]?.userComment?.starRating <= 2) {
await client.reviews.reply(APP, review.reviewId, "Thanks for the feedback!");
}
}
Manage subscriptions
// No edit needed for subscriptions
const subs = await client.subscriptions.list(APP);
// Get a specific subscription
const sub = await client.subscriptions.get(APP, "premium_monthly");
// Update with mutation options (v0.9.51+)
await client.subscriptions.update(APP, "premium_monthly", data, "price", {
allowMissing: true,
latencyTolerance: "PRODUCT_UPDATE_LATENCY_TOLERANCE_LATENCY_TOLERANT",
});
// Activate a base plan
await client.subscriptions.activateBasePlan(APP, "premium_monthly", "monthly");
Verify purchases
// No edit needed for purchases
const purchase = await client.purchases.getProduct(APP, "coins_100", purchaseToken);
if (purchase.purchaseState === 0 && purchase.acknowledgementState === 0) {
await client.purchases.acknowledgeProduct(APP, "coins_100", purchaseToken);
}
Upload deobfuscation files (v0.9.51+)
// Upload ProGuard mapping
await client.deobfuscation.upload(APP, edit.id, versionCode, "mapping.txt", "proguard");
// Upload native debug symbols
await client.deobfuscation.upload(APP, edit.id, versionCode, "symbols.zip", "nativeCode");
Manage expansion files (v0.9.51+)
// Get expansion file info
const obb = await client.expansionFiles.get(APP, edit.id, versionCode, "main");
// Upload a new expansion file
const uploaded = await client.expansionFiles.upload(APP, edit.id, versionCode, "main", "main.obb");
// Patch expansion file references
await client.expansionFiles.patch(APP, edit.id, versionCode, "main", {
referencesVersion: 10,
});
List one-time products with pagination (v0.9.51+)
const products = await client.oneTimeProducts.list(APP, {
pageSize: 25,
pageToken: nextToken,
});
5. Pagination
Use the built-in pagination utilities for large result sets:
import { paginate, paginateAll } from "@gpc-cli/api";
// Async generator (stream results)
for await (const page of paginate(
(token) => client.subscriptions.list(APP, { pageToken: token }),
{ limit: 100 },
)) {
for (const sub of page) {
console.log(sub.productId);
}
}
// Collect all results
const all = await paginateAll(
(token) => client.subscriptions.list(APP, { pageToken: token }),
);
6. Rate limiting
Since v0.9.47, createApiClient() automatically applies rate limiting to all API calls using Google's 6-bucket model (3,000 queries/min each). No manual configuration needed:
// Rate limiting is automatic — all calls are throttled by resource type
const client = createApiClient({ auth });
// Buckets: edits, purchases, reviews, reporting, monetization, default
To customize rate limits (e.g., for shared quota across multiple processes):
import { createRateLimiter, RATE_LIMIT_BUCKETS } from "@gpc-cli/api";
// Override specific buckets
const limiter = createRateLimiter([
{ ...RATE_LIMIT_BUCKETS.edits, maxTokens: 1500 }, // Half of default
{ ...RATE_LIMIT_BUCKETS.purchases, maxTokens: 1500 },
]);
const client = createApiClient({ auth, rateLimiter: limiter });
The resolveBucket(path) function maps API paths to buckets automatically:
/edits/paths →editsbucket/purchases/,/orders→purchasesbucket/reviews→reviewsbucket- Reporting API →
reportingbucket /subscriptions,/oneTimeProducts,/inappproducts→monetizationbucket- Everything else →
defaultbucket
7. Error handling
import { PlayApiError } from "@gpc-cli/api";
import { AuthError } from "@gpc-cli/auth";
try {
await client.edits.insert(APP);
} catch (error) {
if (error instanceof AuthError) {
console.error(`Auth failed: ${error.code}`);
} else if (error instanceof PlayApiError) {
console.error(`API error ${error.status}: ${error.code}`);
console.error(`Suggestion: ${error.suggestion}`);
}
}
Changelog generation (v0.9.62+)
The changelog pipeline from gpc changelog generate is exposed as standalone @gpc-cli/core exports — useful for CI tooling that wants the clustered/linted data structure directly.
import {
generateChangelog,
resolveLocales,
renderPlayStore,
PLAY_STORE_LIMIT, // 500
type LocaleBundle,
type GeneratedChangelog,
} from "@gpc-cli/core";
const generated: GeneratedChangelog = await generateChangelog({
from: "v0.9.61",
to: "HEAD",
});
// GitHub target: three renderers exposed as RENDERERS["md" | "json" | "prompt"]
// Play Store target: resolveLocales + renderPlayStore
const locales = await resolveLocales("en-US,fr-FR,de-DE");
const { output, bundle } = renderPlayStore(generated, {
locales,
format: "json",
});
for (const entry of bundle.locales) {
console.log(`${entry.language}: ${entry.chars}/${entry.limit} (${entry.status})`);
}
For --locales auto, pass { client, packageName } as the second arg to resolveLocales — it calls client.listings.list to infer the locale set from your live Play Store listing.
Apply release notes to a draft (v0.9.64+)
import {
applyReleaseNotes,
validateBundleForApply,
bundleToReleaseNotes,
waitForBundleProcessing,
} from "@gpc-cli/core";
// Convert a LocaleBundle to the API shape
const releaseNotes = bundleToReleaseNotes(bundle);
// Validate (returns blocked locale errors, if any)
const errors = validateBundleForApply(bundle);
if (errors.length > 0) throw new Error(errors.join(", "));
// Write into the latest draft on a track
await applyReleaseNotes(client, "com.example.app", "production", releaseNotes);
// waitForBundleProcessing: polls bundles.list after AAB upload
// with Fibonacci backoff (2s, 3s, 5s, 8s, 13s) until the
// uploaded versionCode appears. Fixes large-AAB race condition.
await waitForBundleProcessing(client, "com.example.app", editId, versionCode);
API correctness history (recent)
- v0.9.57:
apprecovery.cancel/deployURLs now use plural/appRecoveries/.dataSafety.updateisPOST, notPUT. PhantomdataSafety.getwas removed.onetimeproducts.offers.activateOffer/deactivateOfferadded. NewgetVitalsErrorCountfunction. - v0.9.58 / v0.9.59: Vitals LMK metric set is
lmkRateMetricSetwith metricsuserPerceivedLmkRate,userPerceivedLmkRate7dUserWeighted,userPerceivedLmkRate28dUserWeighted,distinctUsers. (v0.9.58 shipped the wrong resource name; v0.9.59 is the corrected build.)
Verification
resolveAuth()returns a valid auth clientcreateApiClient({ auth })creates a working clientclient.edits.insert(APP)successfully opens an edit- API calls return typed responses
- Error handling catches
PlayApiErrorandAuthError
Failure modes / debugging
| Symptom | Likely Cause | Fix |
|---|---|---|
AUTH_NO_CREDENTIALS |
No auth source found | Pass serviceAccountPath or set GPC_SERVICE_ACCOUNT |
AUTH_INVALID_KEY |
Bad JSON in key file | Re-download from Google Cloud Console |
| Edit insert fails with 403 | Service account lacks API access | Enable Google Play Developer API in GCP |
| Concurrent edit conflict | Another edit is open | Commit or delete the existing edit first |
PlayApiError with status 429 |
Rate limited | Use createRateLimiter() with appropriate buckets |
| Types not resolving | Wrong TypeScript config | Ensure moduleResolution: "bundler" or "node16" |
Related skills
- gpc-setup — service account creation and auth configuration
- gpc-plugin-development — building plugins that use the SDK internally
- gpc-troubleshooting — interpreting API error codes
More from yasserstudio/gpc-skills
gpc-release-flow
Use when uploading, releasing, promoting, or managing rollouts on Google Play. Make sure to use this skill whenever the user mentions gpc releases, upload AAB, upload APK, staged rollout, promote to production, halt rollout, gpc publish, release notes, track management, internal testing, beta release, production rollout, version code, rollout percentage, gpc bundles, bundle list, bundle wait, wait for bundle processing, in-app update priority, retain version codes, versioned changelogs, or wants to ship an Android app to any Play Store track. Also trigger when someone asks about the Google Play edit lifecycle, release validation, or how to do a phased rollout — even if they don't mention GPC by name. For metadata and listings, see gpc-metadata-sync. For CI/CD integration, see gpc-ci-integration.
12gpc-security
Use when dealing with GPC credential security, secret management, audit logging, or access control. Make sure to use this skill whenever the user mentions credentials, service account key, secret rotation, key rotation, credential storage, audit log, audit trail, security best practices, .gpcrc.json security, secrets in CI, GPC_SERVICE_ACCOUNT safety, keychain, token cache, credential leak, key compromise, secure deployment — even if they don't explicitly say 'security.' Also trigger when someone asks about where GPC stores credentials, how to rotate service account keys, how to audit who did what with GPC, how to securely pass credentials in CI/CD, or how to handle a compromised service account key. For auth setup, see gpc-setup. For CI configuration, see gpc-ci-integration.
12gpc-multi-app
Use when managing multiple Google Play apps with GPC. Make sure to use this skill whenever the user mentions multiple apps, multi-app, monorepo, white-label, batch operations, bulk upload, several apps, --app flag, app switching, profiles for different apps, fleet management, app portfolio, multiple package names — even if they don't explicitly say 'multi-app.' Also trigger when someone has more than one Android app and wants to manage them efficiently, when they need different configurations per app, when they're running the same command across multiple apps, or when they have a monorepo with multiple Android modules. For single-app setup, see gpc-setup. For CI automation, see gpc-ci-integration.
11gpc-setup
Use when setting up GPC (Google Play Console CLI): authentication with service accounts, OAuth, or Application Default Credentials; configuration files (.gpcrc.json, env vars, XDG paths); auth profiles; running gpc doctor; troubleshooting auth errors. Make sure to use this skill whenever the user mentions gpc auth, service account setup, gpc config, gpc doctor, GPC_SERVICE_ACCOUNT, gpc auth login, Google Play API credentials, Play Console authentication, gpc setup, gpc setup wizard, one-command onboarding, or wants to install/configure GPC — even if they don't explicitly say 'setup.' Also trigger when someone is troubleshooting auth failures, token expiration, keychain issues, or proxy/network configuration for GPC.
11gpc-monetization
Use when managing in-app purchases, subscriptions, pricing, or Real-Time Developer Notifications in Google Play. Make sure to use this skill whenever the user mentions gpc subscriptions, gpc iap, gpc purchases, gpc pricing, gpc rtdn, in-app products, base plans, subscription offers, one-time products, consumable products, purchase verification, purchase acknowledgement, purchase token, subscription cancellation, subscription deferral, voided purchases, refunds, regional pricing, currency conversion, price migration, SKU management, monetization, revenue, billing, subscription analytics, churn, trial conversion, subscriber count, RTDN, Real-Time Developer Notifications, Pub/Sub notifications, subscription events, purchase events — even if they don't explicitly say 'monetization.' Also trigger when someone wants to create or update subscriptions, manage base plan lifecycle (activate/deactivate), set up introductory offers, verify server-side purchases, handle refunds, convert prices across regions, sync IAP products from files, migrate subscribers to new prices, view subscription analytics, decode Pub/Sub notification payloads, or check RTDN topic configuration. For release management, see gpc-release-flow. For CI automation, see gpc-ci-integration.
11gpc-metadata-sync
Use when managing Google Play store listings, metadata, screenshots, or images. Make sure to use this skill whenever the user mentions gpc listings, store listing, metadata sync, screenshots, Fastlane metadata, localization, app description, pull listings, push listings, feature graphic, Play Store images, app title, short description, full description, changelogs, image sync, image dedup, listings images sync, or wants to update any text or visual content on their Play Store page. Also trigger when someone asks about migrating from Fastlane supply, syncing metadata to/from local files, managing multi-language listings, or bulk-updating store content — even if they don't mention GPC explicitly. For releases and uploads, see gpc-release-flow.
11