Can API Token Purchase check be centrilized on my Server as a Theme Author?

wztechno · May 4, 2017, 3:18pm

Hello,

I am selling a theme on themeforest, and I want to code a secure check of customers purchasing my theme before allowing them to import demo.

Using new API Envato, it is prety easy to get a list of all purchases. The down side of this way, is that any customer who knows some PHP can easily alter the code and then use import without actually purchasing the theme.

I had another idea, of cenrilizing the purchase check on my server, where the theme will send the API token to my server, then my server checks if this token is good or no, and accordingly return the demo data to the theme or no.

My question, is that allowed by Envato ? Also will many repetitive pull requests from my server cause a block from API onto my server?

Any help from great authors out there is highly appreciated.

Thanks in advance

baileyherbert · May 4, 2017, 7:48pm

As long as the theme itself can be used without proving purchase, then it’s not an issue AFAIK. As for getting blocked by the API, each app has a request limit (per hour I believe) but if you use caching and a database to track information then you shouldn’t need to send many API requests.

wztechno · May 4, 2017, 8:06pm

Ohh great information indeed… Thank you so much !

azelab · May 4, 2017, 8:23pm

Interesting hear official reply

wztechno · May 4, 2017, 8:36pm

yes me too… because we really need a solid way to validate real purchases… it is almost impossible to stand among thousands of people who steal our work