K
K
kuzyairon2020-05-06 12:03:05
API
kuzyairon, 2020-05-06 12:03:05

How to provide the goods to the buyer by API key?

The bottom line is this.
I am making an online store through Wordpress, after the buyer pays, he receives a message in the mail about the purchase of goods, there is a key in the letter, which he must activate with a POST request on the site. The key must be one-time and non-repeating, and the key must also have a time limit. Payment goes through Free-kassa
Questions are as follows:
How can I generate the key itself? What plugins exist for this?
How can a client authenticate with a key?
How to create a key (link) liveness time frame?
Do I need to load the keys themselves into the database for activation?

It should be something like this
site.ru/Home/Item/?key=PuZ0e36nAxIWIQDFklDf

As far as I understand, everything is done through the API, but I could be wrong

Answer the question

In order to leave comments, you need to log in

2 answer(s)
P
Pavel, 2020-05-06
@PavelFokeev

Payment goes through Free-kassa

After payment, information about the payment comes to your script-processor. You check it, and if everything is OK (the hash matches, the amount is needed, etc.) - generate a key and save it in the database, sending it to the client's mail.
How can I generate the key itself? What plugins exist for this?
PHP standard functions, google "generate pass php"
How can a client authenticate with a key?

Write a script that checks the key passed via GET to the database (the presence of this key in the database, its lifetime), and if everything is OK, it returns the result in the form of a product.

V
Vladimir Druzhaev, 2020-05-07
@OtshelnikFm

The Software License Manager plugin does a few things.
But I wrote this myself using headless wordpress and rest api - it's easier to control. And the process is completely automatic - without my participation.
There are no tricks: at the time of payment, generate a password, send it to the client. He enters it in his form of activation of your theme plugin - the request goes to your site. You check the activation, set the activated flag and record the domain that came. Send him rudely saying "ok". on the client side, I saw this script Ok and unlocked the functionality, writing in the option that the license had passed.
Temporary activation - write the activation date and the license term in separate database tables. You check with an hour crown for example. If the license has expired - send a request to the client server - and there write to the database that the license has expired. This outputs either a message or a blocking functionality. But blocking the work of a functional right away is a bad practice. You can ruin someone's business without warning. This will affect your reputation as a store and developer. Eventually, you will be bypassed. I wouldn't like it.
Another question is what php to protect and type to activate with keys - a student can get around this. But the studios that want to hack the activation and massively install zero plugins / themes to their clients will face legal liability. So this is protection mainly from completely inexperienced and from web studios. But not all studios understand that it is impossible to hack part of the application, although this is under the GPL license.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question