Allow user to update once they verify purchase

i would like to know about handling the update for my wordpress theme . I want user to be able to update the theme, once available, without using third party app. I think avada is having this feature.

i think token system is about to removed? Mainly my doubts are listed below

  1. How does the verification works ( API?)
  2. How does the authorization work to get theme link to make an upgrade? any documentation?( are step 1 and step 2 linked? asking because user can change the code in step 1 and get update without having a valid purchase )

Please do not suggest third party plugins also i am not asking for complete code , i will code it my self if i am able to understand the process. :slight_smile:


Hi @latheeshvmv,

Envato has an API which you can use to verify a purchase, check for item updates, and download items. The documentation can be found here:

This API is not going to be removed – there is a very old legacy API that we’re about to decommission, but that’s something different.

Your app can authenticate with the API via standard oauth mechanisms, or with a personal token. There are upsides and downsides to both approaches, so have a read of the docs to decide which is the best for you.

The methods you’ll want to call are in the “Private User Details” section of the API documentation linked above. There are a few ways to list and validate purchases, and a download method as well.

Good luck!


Hello @rosssimpson,

Thanks that helps!

so i have to use api, and get private user details , the code a method to download and activate theme?(Does envato have something?)

version can be checked by api again…

but api access is limited to certain duration do the user have to authorize to get an update every time?

@latheeshvmv We do have a plugin we distribute that will allow users to enter their API credentials and it will automatically update their items. See Envato Market WordPress Plugin.

If you use oauth authentication, the flow goes something like this:

  1. Create new oauth app at
  2. Authenticate the user & they grant access
  3. Exchange one-time code for an access token & refresh token pair
  4. Use access token to request a resource from the API
  5. When access token expires, use refresh token to generate a new access token
  6. Use new access token to request a resource

You’ll need to store the access token, refresh token, and timestamp somewhere under your control (not in a theme/plugin). Once you’ve implemented this, the user does not have to re-authorize. The next time they visit your app, if the access token is expired you can generate a new one using the refresh token.

I hope this answers your questions!


@rosssimpson. thank you :slight_smile: I got the work process