diff --git a/src/lib/auth.js b/src/lib/auth.js
index c8911be88..a40ad605b 100644
--- a/src/lib/auth.js
+++ b/src/lib/auth.js
@@ -1,5 +1,6 @@
 import toast from "components/toast";
 import { addIntentHandler } from "handlers/intent";
+import constants from "./constants";
 
 const loginEvents = {
 	listeners: new Set(),
@@ -50,7 +51,7 @@ class AuthService {
 	}
 
 	async openLoginUrl() {
-		const url = "https://acode.app/login?redirect=app";
+		const url = `${constants.BASE_URL}/login?redirect=app`;
 
 		try {
 			await new Promise((resolve, reject) => {
diff --git a/src/lib/constants.js b/src/lib/constants.js
index f1315999a..8e1e1f562 100644
--- a/src/lib/constants.js
+++ b/src/lib/constants.js
@@ -19,6 +19,9 @@ export default {
 	get PLAY_STORE_URL() {
 		return `https://play.google.com/store/apps/details?id=${BuildInfo.packageName}`;
 	},
+
+	//changing url here is not enough, also change in src/plugins/auth/src/android/Authenticator.java
+	BASE_URL: "https://acode.app",
 	API_BASE: "https://acode.app/api",
 	// API_BASE: 'https://192.168.0.102:3001/api', // test api
 	SKU_LIST: ["crystal", "bronze", "silver", "gold", "platinum", "titanium"],
diff --git a/src/lib/installPlugin.js b/src/lib/installPlugin.js
index 5488d9131..ffabfeeb8 100644
--- a/src/lib/installPlugin.js
+++ b/src/lib/installPlugin.js
@@ -66,40 +66,23 @@ export default async function installPlugin(
 	try {
 		if (!isDependency) loaderDialog.show();
 
-		let plugin;
-		if (
-			pluginUrl.includes(constants.API_BASE) ||
-			pluginUrl.startsWith("file:") ||
-			pluginUrl.startsWith("content:")
-		) {
-			// Use fsOperation for Acode registry URL
-			plugin = await fsOperation(pluginUrl).readFile(
-				undefined,
-				(loaded, total) => {
-					loaderDialog.setMessage(
-						`${strings.loading} ${((loaded / total) * 100).toFixed(2)}%`,
-					);
-				},
-			);
-		} else {
-			// cordova http plugin for others
-			plugin = await new Promise((resolve, reject) => {
-				cordova.plugin.http.sendRequest(
-					pluginUrl,
-					{
-						method: "GET",
-						responseType: "arraybuffer",
-					},
-					(response) => {
-						resolve(response.data);
-						loaderDialog.setMessage(`${strings.loading} 100%`);
-					},
-					(error) => {
-						reject(error);
-					},
+		const tempPath = cordova.file.cacheDirectory + "plugin_download.zip";
+
+		await new Promise((resolve, reject) => {
+			cordova.exec(resolve, reject, "Authenticator", "downloadPlugin", [
+				pluginUrl,
+				tempPath,
+			]);
+		});
+
+		let plugin = await fsOperation(tempPath).readFile(
+			undefined,
+			(loaded, total) => {
+				loaderDialog.setMessage(
+					`${strings.loading} ${((loaded / total) * 100).toFixed(2)}%`,
 				);
-			});
-		}
+			},
+		);
 
 		if (plugin) {
 			const zip = new JSZip();
diff --git a/src/pages/plugin/plugin.js b/src/pages/plugin/plugin.js
index 56f7f7f86..1d1d2cf8a 100644
--- a/src/pages/plugin/plugin.js
+++ b/src/pages/plugin/plugin.js
@@ -139,12 +139,35 @@ export default async function PluginInclude(
 			try {
 				loader.showTitleLoader();
 				if ((await helpers.checkAPIStatus()) && isValidSource(plugin.source)) {
-					const remotePlugin = await fsOperation(
-						constants.API_BASE,
-						`plugin/${id}`,
-					)
-						.readFile("json")
-						.catch(() => null);
+					const remotePlugin = await new Promise((resolve) => {
+						cordova.exec(
+							(result) => {
+								if (!result) return resolve(null);
+								if (typeof result === "string") {
+									try {
+										return resolve(JSON.parse(result));
+									} catch (err) {
+										console.warn(
+											"[Plugin Debug] fetchWithToken invalid JSON:",
+											result.slice(0, 120),
+										);
+										return resolve(null);
+									}
+								}
+								resolve(result);
+							},
+							(err) => {
+								console.warn(
+									"[Plugin Debug] fetchWithToken native error:",
+									err,
+								);
+								resolve(null);
+							},
+							"Authenticator",
+							"fetchWithToken",
+							[Url.join(constants.API_BASE, "plugin", id)],
+						);
+					}).catch(() => null);
 
 					if (cancelled || !remotePlugin) return;
 
@@ -159,22 +182,41 @@ export default async function PluginInclude(
 
 					plugin = Object.assign({}, remotePlugin);
 
-					if (!Number.parseFloat(remotePlugin.price)) return;
+					if (!Number.parseFloat(remotePlugin.price) && !remotePlugin.owned)
+						return;
 
 					isPaid = remotePlugin.price > 0;
+					//console.log(`[Plugin Debug] Fetched remotePlugin - id: ${remotePlugin.id}, owned: ${remotePlugin.owned}, price: ${remotePlugin.price}, sku: ${remotePlugin.sku}, isPaid: ${isPaid}`);
+
 					try {
 						[product] = await helpers.promisify(iap.getProducts, [
 							remotePlugin.sku,
 						]);
+						//console.log(`[Plugin Debug] IAP getProducts result - product:`, product);
+
 						if (product) {
 							const purchase = await getPurchase(product.productId);
-							purchased = !!purchase;
+							purchased = !!purchase || remotePlugin.owned;
 							price = product.price;
 							purchaseToken = purchase?.purchaseToken;
+							//console.log(`[Plugin Debug] IAP path - purchase found: ${!!purchase}, purchased: ${purchased}, price: ${price}`);
+						} else if (remotePlugin.owned) {
+							purchased = true;
+							price = remotePlugin.price;
+							//console.log(`[Plugin Debug] No IAP product but owned=true - purchased: ${purchased}, price: ${price}`);
 						}
 					} catch (error) {
+						//console.log(`[Plugin Debug] IAP error:`, error.message);
 						helpers.error(error);
+						// If IAP fails but plugin is owned via Razorpay, mark as purchased
+						if (remotePlugin.owned) {
+							purchased = true;
+							price = remotePlugin.price;
+							//console.log(`[Plugin Debug] IAP failed but owned=true - purchased: ${purchased}, price: ${price}`);
+						}
 					}
+
+					//console.log(`[Plugin Debug] Final state before render - isPaid: ${isPaid}, purchased: ${purchased}, price: ${price}, installed: ${installed}`);
 				}
 			} catch (error) {
 				console.error(error);
@@ -321,6 +363,8 @@ export default async function PluginInclude(
 	}
 
 	async function render() {
+		//console.log(`[Plugin Render Debug] Values being rendered - isPaid: ${isPaid}, purchased: ${purchased}, price: ${price}, installed: ${installed}, id: ${plugin.id}`);
+
 		const pluginSettings = settings.uiSettings[`plugin-${plugin.id}`];
 		$page.body = view({
 			...plugin,
diff --git a/src/pages/plugin/plugin.view.js b/src/pages/plugin/plugin.view.js
index 3ae08a9c4..fa90d55e6 100644
--- a/src/pages/plugin/plugin.view.js
+++ b/src/pages/plugin/plugin.view.js
@@ -281,6 +281,8 @@ function Buttons({
 	buy,
 	minVersionCode,
 }) {
+	//console.log(`[Buttons Debug] isPaid: ${isPaid}, installed: ${installed}, update: ${update}, purchased: ${purchased}, price: ${price}, minVersionCode: ${minVersionCode}`);
+
 	if (
 		typeof minVersionCode === "number" &&
 		minVersionCode > BuildInfo.versionCode
@@ -330,6 +332,7 @@ function Buttons({
 	}
 
 	if (isPaid && !purchased && price) {
+		//console.log(`[Buttons] Showing BUY button - isPaid: true, !purchased: true, price: ${price}`);
 		return (
 			<button data-type="buy" className="btn btn-install" onclick={buy}>
 				<i className="icon cart"></i>
@@ -339,6 +342,7 @@ function Buttons({
 	}
 
 	if (isPaid && !purchased && !price) {
+		//console.log(`[Buttons] Showing PRODUCT NOT AVAILABLE - isPaid: true, !purchased: true, !price: true`);
 		return (
 			<div style={{ margin: "auto" }} className="flex-center">
 				<span
@@ -350,6 +354,7 @@ function Buttons({
 		);
 	}
 
+	//console.log(`[Buttons] Showing INSTALL button - falling through to default`);
 	return (
 		<button data-type="install" className="btn btn-install" onclick={install}>
 			<i className="icon save_alt"></i>
diff --git a/src/pages/plugins/plugins.js b/src/pages/plugins/plugins.js
index d16aa2dcc..9e6154a51 100644
--- a/src/pages/plugins/plugins.js
+++ b/src/pages/plugins/plugins.js
@@ -416,95 +416,82 @@ export default function PluginsInclude(updates) {
     }
   }
 
-  async function retrieveFilteredPlugins(filterState) {
+  //fetch plugins with the auth token
+  function fetchPlugins(url) {
+    return new Promise((resolve, reject) => {
+        cordova.exec(
+            (items) => resolve(items),
+            (err) => reject(new Error(err)),
+            "Authenticator",
+            "fetchPlugins",
+            [url]
+        );
+    });
+}
+  
+async function retrieveFilteredPlugins(filterState) {
     if (!filterState) return { items: [], hasMore: false };
 
     if (filterState.type === "orderBy") {
-      const page = filterState.nextPage || 1;
-      try {
-        let response;
-        if (filterState.value === "top_rated") {
-          response = await fetch(
-            withSupportedEditor(
-              `${constants.API_BASE}/plugins?explore=random&page=${page}&limit=${LIMIT}`,
-            ),
-          );
-        } else {
-          response = await fetch(
-            withSupportedEditor(
-              `${constants.API_BASE}/plugin?orderBy=${filterState.value}&page=${page}&limit=${LIMIT}`,
-            ),
-          );
-        }
-        const items = await response.json();
-        if (!Array.isArray(items)) {
-          return { items: [], hasMore: false };
+        const page = filterState.nextPage || 1;
+        try {
+            let url;
+            if (filterState.value === "top_rated") {
+                url = withSupportedEditor(`${constants.API_BASE}/plugins?explore=random&page=${page}&limit=${LIMIT}`);
+            } else {
+                url = withSupportedEditor(`${constants.API_BASE}/plugin?orderBy=${filterState.value}&page=${page}&limit=${LIMIT}`);
+            }
+
+            const items = await fetchPlugins(url);
+            filterState.nextPage = page + 1;
+            return { items, hasMore: items.length === LIMIT };
+        } catch (error) {
+            console.error("Failed to fetch ordered plugins:", error);
+            return { items: [], hasMore: false };
         }
-        filterState.nextPage = page + 1;
-        const hasMoreResults = items.length === LIMIT;
-        return { items, hasMore: hasMoreResults };
-      } catch (error) {
-        console.error("Failed to fetch ordered plugins:", error);
-        return { items: [], hasMore: false };
-      }
     }
 
-    if (!Array.isArray(filterState.buffer)) {
-      filterState.buffer = [];
-    }
-    if (filterState.hasMoreSource === undefined) {
-      filterState.hasMoreSource = true;
-    }
-    if (!filterState.nextPage) {
-      filterState.nextPage = 1;
-    }
+    if (!Array.isArray(filterState.buffer)) filterState.buffer = [];
+    if (filterState.hasMoreSource === undefined) filterState.hasMoreSource = true;
+    if (!filterState.nextPage) filterState.nextPage = 1;
 
     const items = [];
 
     while (items.length < LIMIT) {
-      if (filterState.buffer.length) {
-        items.push(filterState.buffer.shift());
-        continue;
-      }
+        if (filterState.buffer.length) {
+            items.push(filterState.buffer.shift());
+            continue;
+        }
 
-      if (filterState.hasMoreSource === false) break;
+        if (filterState.hasMoreSource === false) break;
 
-      try {
-        const page = filterState.nextPage;
-        const response = await fetch(
-          withSupportedEditor(`${constants.API_BASE}/plugins?page=${page}&limit=${LIMIT}`),
-        );
-        const data = await response.json();
-        filterState.nextPage = page + 1;
+        try {
+            const url = withSupportedEditor(`${constants.API_BASE}/plugins?page=${filterState.nextPage}&limit=${LIMIT}`);
+            const data = await fetchPlugins(url); // <-- java call
+            filterState.nextPage++;
 
-        if (!Array.isArray(data) || !data.length) {
-          filterState.hasMoreSource = false;
-          break;
-        }
+            if (!Array.isArray(data) || !data.length) {
+                filterState.hasMoreSource = false;
+                break;
+            }
 
-        if (data.length < LIMIT) {
-          filterState.hasMoreSource = false;
-        }
+            if (data.length < LIMIT) filterState.hasMoreSource = false;
 
-        const matched = data.filter((plugin) => matchesFilter(plugin, filterState));
-        filterState.buffer.push(...matched);
-      } catch (error) {
-        console.error("Failed to fetch filtered plugins:", error);
-        filterState.hasMoreSource = false;
-        break;
-      }
+            filterState.buffer.push(...data.filter(plugin => matchesFilter(plugin, filterState)));
+        } catch (error) {
+            console.error("Failed to fetch filtered plugins:", error);
+            filterState.hasMoreSource = false;
+            break;
+        }
     }
 
     while (items.length < LIMIT && filterState.buffer.length) {
-      items.push(filterState.buffer.shift());
+        items.push(filterState.buffer.shift());
     }
 
-    const hasMoreResults =
-      (filterState.hasMoreSource !== false && filterState.nextPage) ||
-      filterState.buffer.length > 0;
-
+    const hasMoreResults = (filterState.hasMoreSource !== false && filterState.nextPage) || filterState.buffer.length > 0;
     return { items, hasMore: Boolean(hasMoreResults) };
-  }
+}
 
   function matchesFilter(plugin, filterState) {
     if (!plugin) return false;
@@ -559,6 +546,7 @@ export default function PluginsInclude(updates) {
     return [];
   }
 
+  //auth token is not needed here as this endpoint only returns public plugins and the server handles the filtering based on supported editor
   async function getAllPlugins() {
     if (currentFilter) return;
     if (isLoading || !hasMore) return;
@@ -631,17 +619,68 @@ export default function PluginsInclude(updates) {
     );
     $list.installed.setAttribute("empty-msg", strings["no plugins found"]);
   }
+async function getOwned() {
+  $list.owned.setAttribute("empty-msg", strings["loading..."]);
 
-  async function getOwned() {
-    $list.owned.setAttribute("empty-msg", strings["loading..."]);
+  const disabledMap = settings.value.pluginsDisabled || {};
+  const addedIds = new Set();
+
+  // -------------------
+  // Google Play / IAP
+  // -------------------
+  try {
     const purchases = await helpers.promisify(iap.getPurchases);
-    const disabledMap = settings.value.pluginsDisabled || {};
 
-    purchases.forEach(async ({ productIds }) => {
-      const [sku] = productIds;
-      const url = Url.join(constants.API_BASE, "plugin/owned", sku);
-      const plugin = await fsOperation(url).readFile("json");
-      const isInstalled = plugins.installed.find(({ id }) => id === plugin.id);
+    await Promise.all(
+      purchases.map(async ({ productIds }) => {
+        const [sku] = productIds;
+
+        try {
+          const url = Url.join(constants.API_BASE, "plugin/owned", sku);
+          const plugin = await fsOperation(url).readFile("json");
+
+          if (!plugin || addedIds.has(plugin.id)) return;
+
+          const isInstalled = plugins.installed.find(
+            ({ id }) => id === plugin.id
+          );
+
+          plugin.installed = !!isInstalled;
+
+          if (plugin.installed) {
+            plugin.enabled = disabledMap[plugin.id] !== true;
+            plugin.onToggleEnabled = onToggleEnabled;
+          }
+
+          addedIds.add(plugin.id);
+          plugins.owned.push(plugin);
+          $list.owned.append(<Item {...plugin} updates={updates} />);
+        } catch (err) {
+          console.error("Failed to load owned IAP plugin:", err);
+        }
+      })
+    );
+  } catch (err) {
+    console.warn("IAP unavailable", err);
+  }
+
+  // -------------------
+  // Razorpay purchases
+  // -------------------
+  try {
+    const url = withSupportedEditor(
+      `${constants.API_BASE}/plugins?owned=true`
+    );
+
+    const ownedPlugins = await fetchPlugins(url);
+
+    ownedPlugins.forEach((plugin) => {
+      if (!plugin || addedIds.has(plugin.id)) return;
+
+      const isInstalled = plugins.installed.find(
+        ({ id }) => id === plugin.id
+      );
+
       plugin.installed = !!isInstalled;
 
       if (plugin.installed) {
@@ -649,12 +688,16 @@ export default function PluginsInclude(updates) {
         plugin.onToggleEnabled = onToggleEnabled;
       }
 
+      addedIds.add(plugin.id);
       plugins.owned.push(plugin);
       $list.owned.append(<Item {...plugin} updates={updates} />);
     });
-    $list.owned.setAttribute("empty-msg", strings["no plugins found"]);
+  } catch (err) {
+    console.error("Failed to fetch owned plugins:", err);
   }
 
+  $list.owned.setAttribute("empty-msg", strings["no plugins found"]);
+}
   function onInstall(plugin) {
     if (updates) return;
 
diff --git a/src/plugins/auth/plugin.xml b/src/plugins/auth/plugin.xml
index e6e3e448c..284e43d89 100644
--- a/src/plugins/auth/plugin.xml
+++ b/src/plugins/auth/plugin.xml
@@ -13,6 +13,7 @@
         <framework src="androidx.security:security-crypto:1.1.0" />
 
         <source-file src="src/android/Authenticator.java" target-dir="src/com/foxdebug/acode/rk/auth" />
+        <source-file src="src/android/PluginRetriever.java" target-dir="src/com/foxdebug/acode/rk/auth" />
         <source-file src="src/android/EncryptedPreferenceManager.java" target-dir="src/com/foxdebug/acode/rk/auth" />
         
            
diff --git a/src/plugins/auth/src/android/Authenticator.java b/src/plugins/auth/src/android/Authenticator.java
index 48bf3cc08..311ad65a0 100644
--- a/src/plugins/auth/src/android/Authenticator.java
+++ b/src/plugins/auth/src/android/Authenticator.java
@@ -8,12 +8,13 @@
 import java.net.HttpURLConnection;
 import java.net.URL;
 import java.util.Scanner;
+import org.json.JSONObject;
 
 public class Authenticator extends CordovaPlugin {
-    // Standard practice: use a TAG for easy filtering in Logcat
     private static final String TAG = "AcodeAuth"; 
     private static final String PREFS_FILENAME = "acode_auth_secure";
     private static final String KEY_TOKEN = "auth_token";
+    private static final String API_BASE = "https://acode.app/api";
     private EncryptedPreferenceManager prefManager;
 
     @Override
@@ -42,6 +43,55 @@ public boolean execute(String action, JSONArray args, CallbackContext callbackCo
                 prefManager.setString(KEY_TOKEN, token);
                 callbackContext.success();
                 return true;
+            case "fetchWithToken":
+                cordova.getThreadPool().execute(() -> {
+                    try {
+                        String url = args.getString(0);
+
+                        String result = PluginRetriever.fetchWithToken(
+                            url,
+                            prefManager.getString(KEY_TOKEN, null)
+                        );
+
+                        if (result != null) {
+                            callbackContext.success(result);
+                        } else {
+                            callbackContext.error("Request failed");
+                        }
+
+                    } catch (Exception e) {
+                        Log.e(TAG, "fetchWithToken error: " + e.getMessage(), e);
+                        callbackContext.error(e.getMessage());
+                    }
+                });
+                return true;
+            case "downloadPlugin":
+                cordova.getThreadPool().execute(() -> {
+                    try {
+                        PluginRetriever.downloadPlugin(
+                            prefManager.getString(KEY_TOKEN, null),
+                            args.getString(0),
+                            args.getString(1),
+                            callbackContext
+                        );
+                    } catch (Exception e) {
+                        Log.e(TAG, "downloadPlugin error: " + e.getMessage(), e);
+                        callbackContext.error("Error: " + e.getMessage());
+                    }
+                });
+                return true;
+            case "fetchPlugins":
+                cordova.getThreadPool().execute(() -> {
+                    try {
+                        String url = args.getString(0);
+                        JSONArray items = PluginRetriever.fetchJsonArray(url, prefManager.getString(KEY_TOKEN, null));
+                        callbackContext.success(items != null ? items : new JSONArray());
+                    } catch (Exception e) {
+                        Log.e(TAG, "fetchPlugins error: " + e.getMessage(), e);
+                        callbackContext.error("Error: " + e.getMessage());
+                    }
+                });
+                return true;
             default:
                 Log.w(TAG, "Attempted to call unknown action: " + action);
                 return false;
@@ -113,13 +163,12 @@ private void getUserInfo(CallbackContext callbackContext) {
     private String validateToken(String token) {
         HttpURLConnection conn = null;
         try {
-            Log.d(TAG, "Network Request: Connecting to https://acode.app/api/login");
-            URL url = new URL("https://acode.app/api/login");  // Changed from /api to /api/login
+            URL url = new URL(API_BASE + "/login");
             conn = (HttpURLConnection) url.openConnection();
             conn.setRequestProperty("x-auth-token", token);
             conn.setRequestMethod("GET");
             conn.setConnectTimeout(5000);
-            conn.setReadTimeout(5000);  // Add read timeout too
+            conn.setReadTimeout(5000);
             
             int code = conn.getResponseCode();
             Log.d(TAG, "Server responded with status code: " + code);
diff --git a/src/plugins/auth/src/android/PluginRetriever.java b/src/plugins/auth/src/android/PluginRetriever.java
new file mode 100644
index 000000000..d0ab4cdc7
--- /dev/null
+++ b/src/plugins/auth/src/android/PluginRetriever.java
@@ -0,0 +1,183 @@
+package com.foxdebug.acode.rk.auth;
+
+import android.util.Log;
+import org.apache.cordova.CallbackContext;
+import org.json.JSONArray;
+import org.json.JSONException;
+import org.json.JSONObject;
+import java.net.HttpURLConnection;
+import java.net.URL;
+import java.util.Scanner;
+import android.content.Context;
+import java.io.File;
+import java.io.InputStream;
+import java.io.FileOutputStream;
+
+public class PluginRetriever {
+    private static final String TAG = "AcodePluginRetriever";
+    private static final String SUPPORTED_EDITOR = "cm";
+
+    
+    private static String withSupportedEditor(String url) {
+        String separator = url.contains("?") ? "&" : "?";
+        return url + separator + "supported_editor=" + SUPPORTED_EDITOR;
+    }
+
+
+    public static String fetchWithToken(String urlString, String token) {
+        HttpURLConnection conn = null;
+
+        try {
+            URL url = new URL(urlString);
+            conn = (HttpURLConnection) url.openConnection();
+
+            conn.setRequestMethod("GET");
+            conn.setConnectTimeout(10000);
+            conn.setReadTimeout(10000);
+
+            if (token != null && !token.isEmpty()) {
+                String host = url.getHost();
+
+                // Only send token to trusted domains
+                if (host != null &&
+                    (host.equals("acode.app") ||
+                    host.endsWith(".acode.app"))) {
+
+                    conn.setRequestProperty("x-auth-token", token);
+                } else {
+                    Log.w(TAG, "Skipping token for untrusted host: " + host);
+                }
+            }
+
+            int code = conn.getResponseCode();
+
+            if (code != HttpURLConnection.HTTP_OK) {
+                Log.w(TAG, "HTTP " + code + " for " + urlString);
+                return null;
+            }
+
+            Scanner scanner =
+                new Scanner(conn.getInputStream(), "UTF-8")
+                    .useDelimiter("\\A");
+
+            String body = scanner.hasNext()
+                ? scanner.next()
+                : "";
+
+            scanner.close();
+
+            return body;
+
+        } catch (Exception e) {
+            Log.e(TAG, "fetchWithToken error: " + e.getMessage(), e);
+            return null;
+
+        } finally {
+            if (conn != null) conn.disconnect();
+        }
+    }
+
+
+    public static void downloadPlugin(String token, String pluginUrl, String destFile, CallbackContext callbackContext) {
+        HttpURLConnection connection = null;
+
+        try {
+            // Strip file:// prefix if present
+            if (destFile.startsWith("file://")) {
+                destFile = destFile.substring(7);
+            }
+
+            URL url = new URL(pluginUrl);
+            connection = (HttpURLConnection) url.openConnection();
+            connection.setRequestMethod("GET");
+            connection.setConnectTimeout(15000);
+            connection.setReadTimeout(30000);
+
+            if (token != null && !token.isEmpty()) {
+                String host = url.getHost();
+
+                if (host != null &&
+                    (host.equals("acode.app") || host.endsWith(".acode.app"))) {
+                    connection.setRequestProperty("x-auth-token", token);
+                }else {
+                    Log.w(TAG, "Not adding auth token for untrusted URL: " + url);
+                }
+            }
+
+            connection.connect();
+
+            int responseCode = connection.getResponseCode();
+            if (responseCode != HttpURLConnection.HTTP_OK) {
+                callbackContext.error("HTTP error: " + responseCode);
+                return;
+            }
+
+            File tempFile = new File(destFile);
+
+            try (
+                InputStream inputStream = connection.getInputStream();
+                FileOutputStream outputStream = new FileOutputStream(tempFile)
+            ) {
+                byte[] buffer = new byte[4096];
+                int bytesRead;
+
+                while ((bytesRead = inputStream.read(buffer)) != -1) {
+                    outputStream.write(buffer, 0, bytesRead);
+                }
+            }
+
+            callbackContext.success();
+
+        } catch (Exception e) {
+            callbackContext.error("Download failed: " + e.getMessage());
+
+        } finally {
+            if (connection != null) {
+                connection.disconnect();
+            }
+        }
+    }
+
+
+    public static JSONArray fetchJsonArray(String urlString, String token) {
+        HttpURLConnection conn = null;
+        try {
+            Log.d(TAG, "Fetching: " + urlString);
+            URL url = new URL(urlString);
+            conn = (HttpURLConnection) url.openConnection();
+            conn.setRequestMethod("GET");
+            conn.setConnectTimeout(5000);
+            conn.setReadTimeout(5000);
+
+            if (token != null && !token.isEmpty()) {
+               String host = url.getHost();
+
+                if (host != null &&
+                    (host.equals("acode.app") || host.endsWith(".acode.app"))) {
+                    conn.setRequestProperty("x-auth-token", token);
+                }else {
+                    Log.w(TAG, "Not adding auth token for untrusted URL: " + url);
+                }
+            }
+
+            int code = conn.getResponseCode();
+            if (code != 200) {
+                Log.w(TAG, "Non-200 response (" + code + ") for: " + urlString);
+                return null;
+            }
+
+            Scanner s = new Scanner(conn.getInputStream(), "UTF-8").useDelimiter("\\A");
+            String body = s.hasNext() ? s.next() : "[]";
+            s.close();
+            return new JSONArray(body);
+        } catch (Exception e) {
+            Log.e(TAG, "fetchJsonArray error: " + e.getMessage(), e);
+            return null;
+        } finally {
+            if (conn != null) conn.disconnect();
+        }
+    }
+
+  
+    
+}
\ No newline at end of file