Support » Plugin: License Manager for WooCommerce » API Questions

  • Resolved YeKen

    (@aliakro)


    Hi,

    Me again, can I ask a couple of questions? I’ve set Postman up and an API key and posting data to:

    https://{my-url}/lmfwc/v1/licenses?

    Yet I keep getting a 404? Do I need to do something to turn the API end points on? 🙂

    I also need to ship my plugin with an API key ( consumer key / secret ) with READ only permissions. Is this safe in your opinion? I the plugin to validate a license 🙂

    Cheers,

    ALi

Viewing 12 replies - 1 through 12 (of 12 total)
  • Plugin Author Drazen Bebic

    (@drazenbebic)

    Hello @aliakro,

    What does your base URL look like? The full URL should be something like:

    https://www.example.com/wp-json/lmfwc/v1/licenses?consumer_key=CONSUMER_KEY&consumer_secret=CONSUMER_SECRET

    I think it is safe enough if you give it READ only permissions. Will you also activate license keys with your plugin?

    Ah! I’m an idiot! Sorry… forgot wp-json!

    Plan is for Woocommerce to take payment, generate the key and then the user can add it into the license section of the plugin. IT will then call out to your plugin to ensure it is valid and if so, activate it 🙂

    Might be worth adding the wp-json in the documentation? 🙂

    {{host}}/wp-json/lmfwc/v1/licenses?

    Thinking about it, I might need to write something to wrap around your API… with an API key I can get all licenses etc

    Plugin Author Drazen Bebic

    (@drazenbebic)

    Yes, definitely! I think my host variable included the wp-json. I will fix this.

    But if the plugin performs the check from inside itself, people can just edit the part where it calls to the plugin API and return a valid response.

    Or am I understanding this wrong?

    Yeah, it’s not the most secure… mmm maybe I should move to having a downloadable product…

    Would you consider adding scopes to API calls? For example, an API key could be set to only be allowed to activate?

    Plugin Author Drazen Bebic

    (@drazenbebic)

    Yes, I was just considering the same thing. I’ll definitely look into this, good thinking!

    Ah perfect… I might need to rethink how to implement this for now 🙂

    Cheers,

    Ali

    Thanks

    Plugin Author Drazen Bebic

    (@drazenbebic)

    @aliakro,

    is everything working as expected? Do you need further assistance?

    I think for now, I’m going to avoid the API activate / deactivate etc until I can control which endpoints are accessible. I was thinking of writing nginx rules to block certain URLs or hook in and use WP to deregister endpoints.

    Then I decided the simplest way would be to write a small plugin, that I can ideally wrap around your plugin. This plugin would then filter your generator with my own, so I could then reduce the work required in my plugins (as my license would work out the box).

Viewing 12 replies - 1 through 12 (of 12 total)
  • You must be logged in to reply to this topic.