Support » Plugin: License Manager for WooCommerce » How to activate license key from the customer side?

  • Resolved Mxlaxe

    (@mxlaxe)


    First, I would like to say thank you for such a beautiful plugin. It looks well designed. I’ve played with your plugin a bit to figure out how it works but I can’t get around some detail although I went through the doc.

    One thing that is missing IMO in the documentation is a concrete example on how to activate a license key from the customer side.

    The API requires 2 parameters: the consumer_key and consumer_secret. So let’s say, my customer is buying my product and get the following license key: 85C1-B72D-91OI-6J84. Ok.

    In the REST API settings I can generate API keys, but for a specific user only.

    Since the customers only get their license key when buying a product, should I create only one REST API consumer_key and consumer_secret for one account and hard code it inside my paid plugins?

    This is the one thing I can’t get around. Basically I want to sell licenses for wordpress plugins and in my admin pages I will have an activation form using only the license key the customer bought.

    What should I do to have your plugin work in this way ?

    Thank you!

Viewing 15 replies - 1 through 15 (of 15 total)
  • Plugin Author Drazen Bebic

    (@drazenbebic)

    Hello @mxlaxe,

    thank you for your message and for the interest in my plugin.

    The plugin documentation is really behind, I know, I know 🙂 However, there will be a huge plugin update coming on the 1st of September (in 3 days). This will overhaul the complete plugin code, add new features, fix bugs, and so on. After this version is out and everything works smoothly, I will continue the work on writing a solid plugin documentation. This documentation will consist of a plugin handbook, with details on how to use all the plugin functionality, and a plugin codex, detailing the plugin code and how you can extend the plugin functionality.

    Now onto your problem…

    I think that there is a major design flaw you might, or might not have considered with the plugin licensing.

    If all the business logic is inside the plugin, what’s to stop anyone from downloading your plugin, removing the activation code, and using it without paying? That wouldn’t work, if the business logic is handled by a remote service, with which your plugin communicates. However, if this is not the case let’s see what I can do for you.

    I suggest that you wait until Sunday. As I mentioned I’m releasing a major plugin update which will work in your favor. You can then just generate an API Key, store it in your plugin, and then deactivate all the API endpoints, except for the licensing activation (the only one you will need I assume).

    Hey thank you for your reply, I’m looking forward to seeing about the new version.

    As for my “logic”, the point is not to have a 100% crack-proof software. As you know it, any wordpress plugin is sold with its source code and anyone with the required skills can “null” your plugin.

    For my use, the main point of the licensing system would be to allow the customer to be provided updates and support for a certain period of time.

    As far as I know, this is how most of the paid wordpress plugins work. There always will be a handful of people that will get around your software’s protections but I am willing to accept it. Plus, they won’t get to download the latest updates.

    So my question is, can your plugin fit the following scenario ?
    1. The customer buys a license key from my website
    2. The customer downloads my product and installs it on its wordpress website
    3. The customer inputs the license key in the admin and sends a request through the API to validate it.
    4. The API sends back a positive validation
    5. The customer is happy and can fully enjoy the plugin.
    —AFTER THE LICENSE EXPIRES
    6. The customer cannot download updates anymore but still can use the plugin he bought.

    Plugin Author Drazen Bebic

    (@drazenbebic)

    Hello @mxlaxe,

    let’s go through your scenario step by step to make sure it works.

    1. Unrelated to my plugin
    2. Unrelated to my plugin
    3. Possible. You would have to create an API key with READ permissions, as those are allowed to activate license keys. Then, I would recommend that you disable the plugin API routes which you don’t need (all the old v1 routes, and don’t forget to disable v2/licenses which returns a list of ALL license keys in the database.
    4. Possible. The API response is either the activated license key, or if it can’t be activated, an error
    5. I sure hope the customer is happy 🙂
    6. The expiration date is sent with the response in step 4. You would have to save this expiration date somewhere in your plugin code, and then perform a check to see if it’s still valid. If not, disable plugin functionality.

    So yeah, I think that this could work for you 🙂

    However, I would strongly recommend for you to wait until Sunday. Because on Sunday I am releasing the 2.0.0 Version of my plugin, which will introduce the new v2 API routes, and you should absolutely use those. The v1 routes are still there to maintain compatibility. However, as of Sunday they will be deprecated and will eventually be entirely removed.

    PS: Once you start using the plugin plugin, I would be extremely happy if you took some time out of your day to write a plugin review here on WordPress.org. Those reviews really help the plugin to grow and mean a lot to me personally.

    Hey Drazen,

    Thank you again for the detailed answer! I will sure rate your plugin after I use the upcoming version.

    So if I understand it should be doable without too much trouble. I will try to implement it soon and let you know how it worked out 😉

    I’m quite excited to have it all working as this is the missing piece of the puzzle to complete my project!

    Plugin Author Drazen Bebic

    (@drazenbebic)

    @mxlaxe,

    The new version is out, please update your plugin and check it out 🙂

    I will close the topic and mark it as resolved, as the original question has been answered.

    @drazenbebic,

    I checked your new version, it works well and I’ve started using it to make it work as I wished.

    However, I can activate a license multiple times from the same referrer.
    If a license can be activated 10 times, then the same referrer can activate it 10 times, which is not right. I would like to bind 1 activation = 1 domain name.
    Basically 1 license key valid for 10 activations should accomodate 10 different websites.

    I have checked your code and your database structure, and what I am looking for does not seem possible for now. Any thoughts about it ?#

    Thank you

    Plugin Author Drazen Bebic

    (@drazenbebic)

    Hello @mxlaxe,

    that could be tricky.

    I plan to add an extra validation filter, which will allow you to perform additional authentication or data validation before the API request is processed any further.

    That way you could check the domain from where the request was sent, however you need to match it against a list of domains which has to be stored per license key.

    May I ask, how do you obtain the list of domains which are allowed for activation? Is that something the user inputs while purchasing the license keys or is it a manual process?

    Thanks for the fast reply!

    I was thinking of adding an extra field to your database and store each domain per license as a json array or add another table…

    The linked domain would simply be fetched from the http headers from the GET request. And if not possible for some reason, it could be added programatically in the “data” array using some php before sending the actual request.

    Anyhow, the user would not have to do anything.

    • This reply was modified 2 months, 3 weeks ago by Mxlaxe.
    • This reply was modified 2 months, 3 weeks ago by Mxlaxe.
    Plugin Author Drazen Bebic

    (@drazenbebic)

    @mxlaxe,

    I am also now thinking of adding some sort of “meta” table for the license keys with get/set functions, a la WordPress. This would help developers like yourself to more easily store additional information about license keys.

    That way, you would need to fill in the domains in the new meta table, then write a custom validator for the request so that the data actually gets checked.

    Would that work for you?

    @drazenbebic,

    That could work, as long as I can pass the domain name from either the headers or a custom field within the data array.

    Now any idea how much time would this extra functionnality require for you ? You may be busy these days and this may not be your priority.

    I just need to figure this out quickly so that I can implement it in my application or not. So far your plugin has been the best I have found. Well coded, integrates nicely with woocommerce, and I would be happy to stick with it if I could.

    Cheers!

    • This reply was modified 2 months, 3 weeks ago by Mxlaxe.
    Plugin Author Drazen Bebic

    (@drazenbebic)

    @mxlaxe,

    Honestly, I really don’t know. I actually even broke a few promises I made to get the 2.0.0 version out. I promised that it would contain features that aren’t there and pushed them to 2.1.0, I first need to tackle those.

    Hmm, let’s see. I can probably fix this up in a few days on the DEV branch. Would you be comfortable with using the DEV version if it contains the needed features?

    @drazenbebic

    I understand, no pressure though. I just asked to have a rough idea of what to expect. Otherwise I would figure it out myself.

    I don’t mind using a DEV branch as long as I can work with it. Then I can wait for a stable version at a later time.

    Thank you

    Plugin Author Drazen Bebic

    (@drazenbebic)

    @mxlaxe,

    alright then, I’ll fix this up and let you know as soon as it’s available on the DEV branch.

    @drazenbebic
    Awesome! thank you for the great work into this community.

    Plugin Author Drazen Bebic

    (@drazenbebic)

    Hello @mxlaxe,

    I am terribly sorry that this took so long, but it is finally available on the DEV branch on the GitHub repo.

    You now have add/get/update functions for a custom meta table, very much like the standard post meta functionality.

    If you still need this let me know.

Viewing 15 replies - 1 through 15 (of 15 total)
  • You must be logged in to reply to this topic.