Envato Api call with asp.net core!!!

HI !
I am creating a project with asp.net core technology and got the personal token from Envato

this is my code below :

            var varRestClient = new RestClient("https://api.envato.com/v1/market/total-items.json");
            var restRequest = new RestRequest(Method.GET);
            restRequest.AddHeader("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; 
             rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13");
            restRequest.AddHeader("Authorization", "Bearer MY_TOKEN");
            IRestResponse varRestResponse = await varRestClient.ExecuteTaskAsync(restRequest);

I called /total-items api to test my app (and sure my token has the permission) but the api keeps response with 500 error ( internal server error ) but i get the right response with POSTMAN app

Is it possible that Envato just response to PHP calls only ?
Am I missing something ?
Can you guys help me out with it please ?

Your code is working fine for me. There should be no reason for the Envato API to return a 500 error, are you sure the 500 error is not coming from your side? Or perhaps there was a short outage, can you try it again?

I will say that you should either remove or change your user-agent header though! Those experienced with web scraping may feel inclined to use a browser agent out of habit. However, doing so in this case could render your requests blocked, as these API requests should never come from browsers.

Here’s a valid example:

User-Agent: Tracking total marketplace items (yourwebsite.com)
1 Like

Oh my god!
now the train starts to move a bit :smiley:
thank you so much!
so I removed this line entirely and it works fine

 restRequest.AddHeader("User-Agent", "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; 
             rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13");

response :
image

now I have another problem :smiley:

I am new here and I do not have any item in market that anyone buy it to get purchase code and test my purchase code verification part. there should be a dummy code to test right ?!
if there is not how i can ensure that my project works and continue for publish my product to the end …

1 Like

Great! :smiley:

There is currently no official way to test your purchase verification script. I have a public sandbox that I use for myself, you’re free to use it if you’d like.

Use the below URL when testing your script. Also, please remove your real personal token from the request before sending it. This sandbox does not need an Authorization header at all, so you can comment it out.

https://sandbox.bailey.sh/v3/market/author/sale?code=xxxxxxxxxxxxxxxx

Then test your app with these purchase codes:

  • Real purchase code: 86781236-23d0-4b3c-7dfa-c1c147e0dece
  • Fake purchase code: 94252c00-df24-4cf5-99dd-49fc17e23043
  • Improper code: 02b6429f-9274-9a70-03ce49bc5a48

The source code for this sandbox is here if you want to self-host it: Mock purchase code validation · GitHub

2 Likes

I dont know how to thank you for the best and fastest reply I ever seen in entire internet world!
you are awesome!!

Respect

1 Like

Hi!
I was developing the Activation program for my product then I got that the verification of Purchase Code is not enough to prevent customer (the bad ones) use my product in multiple machines
the username can change too and we cannot rely on it.
I was wondering , Is there any algorithm that someone create for this problem before so people like me do not reinvent the wheel here ?

For product activation, you wouldn’t track the username but rather the individual purchase code. There are a lot of things you should carefully consider here before you proceed.

It’s important to note that you aren’t really allowed to prevent your buyer from installing the product under some circumstances. The license is based on “end products” and it’s completely feasible that a buyer may install your product more than once simultaneously for a single end product – for example, on development, staging, and production servers.

Also recognize that buyers do sometimes reinstall products and will need the license cleared in these cases. Will you require them to contact you? That’s going to harm your user experience, but the alternative (allowing them to clear it themselves) opens you up to “abuse”.

For me personally, I take a very lenient approach on these things and focus on user experience. I don’t strictly enforce a number of installations, instead I simply track installations and keep an eye out for blatant abuse. I also don’t require buyers to activate my scripts, it’s only useful for automatic updates. My sales never suffered from this leniency as far as I could tell. :+1:

That said, limiting activations will require you to develop some sort of API for your products. You will then typically allocate an API key for each installation that can be revoked from your end. Just be careful and consider the future – e.g. if your API goes down, will the product still work?

1 Like

Ok let me be clear with you!
I was considering the reinstalling in the same machine and so many scenarios might be happen for honest user to reinstall my .ZXP and they need to register the purchase code and e-mail or etc. over again and again for any reason.
but at the end , you are right !
my way was call the network API on every use of extension then I thought what if internet goes down on client ?
but I saw this too

it is like they make the hard part but I do not know what is happening in the back-end.
maybe they just record their customers machine info like mac-Address or ip-address or etc. to track the single machine installing but what if the user buy purchase code for multi client use (if there is such a thing in envato)

  • so I become to start thinking over again about activation part.
    Do you think I just get the purchase code verification and if it is OK let the customer continue the journey and dont mind the other things ?

Alright, so this is some sort of Adobe extension? The VideoHive Tools License states that extensions may only be installed on two separate machines at once. What’s the exact category you’re looking to upload into? We can double check the terms.

My experience with Envato license activation is in web scripts rather than software. I have implemented licensing on desktop software before though. I simply fetched a unique key from my licensing server after initial setup and wrote it to a file in their roaming directory (like %appdata%). When internet is available, check it for validity on the licensing server. If there was a problem then it would pester the user until they fix it, but they could continue using the software.

Not foolproof by any means - you could simply share that license file hidden away in the roaming directory. But that’s where monitoring comes in, when your system detects 12 machines using the same key at once… :rofl:

Tracking the IP address is not an ideal method because many service providers issue dynamic IP addresses that can change periodically. Some users also may use a VPN which may change it far more frequently.

Tracking hardware identifiers is also questionable… because of privacy for one, but also because of things like roaming, portable apps, and perhaps drive swapping, all of which would cause a conflict with your licensing but aren’t violations of the license or device limit.

Totally up to you, but you seem to be a new author, right? My recommendation for new authors is always to prioritize making a quality product and getting it approved, then worry about licensing afterwards, either in an update or for your next product. :wink:

1 Like

It is After effects Extension with html/javascript/cep and Yeah I am new here :smiley:
I have done the Developing of my product and it is just the licensing issue left, but good Idea, I can put it on updates and maybe on my next products (well said thank you).
the main project took me about 6 month after I finished one day I read an article in envato that i dont remember the link it said that I should be responsible about robbery of my product then I start making a mechanism to license thing.
all the thing you told me about Ip and Mac address is right
dont you think you guys should make algorithm or Api for extension developers to license the products under Envato Market not the external server and projects, in this way the customers info will be safe there with you guys and the licensing mechanism will be safe and clean Under the supervision of a strong team.
by the way I just check the “Purchase Code” for now until I find a good way to prevent my product robbery,
at the end, I have to say I just got relief and happy to know i have friend like you there to help me out in stressful developing times , Thank you so much

Respect

1 Like

The Tools License applies to After Effects extensions so definitely give it a look. In short, the license states that the buyer can only use your software on 1 computer at a single time, and can install it on 2 different machines simultaneously.

Here’s how I would implement something like this:

Click to expand

I would ask the user to enter a purchase code. It would send the code to my API, and I would record the purchase details in my database. Then, I would allocate a unique key to the user (which is tied to their purchase code) for that specific installation and it would be saved to their machine somewhere.

When they start the program again, it would send that unique key to my API and check for validity. If there is an error completing the request (e.g. no internet or the API is down) then it would allow the user to keep using the software. But if the unique key comes back invalid, then they are asked for a purchase code again… the unique key is also removed from the machine so they are still prompted for a code next launch, even if they disconnect.

On the API side, it would keep an eye on the number of “unique keys” allocated for a single purchase code. When a user tries to activate your software and they already have 2 unique keys allocated, it will give them a visual interface asking them to choose one to deactivate.

Regarding that last point (a visual interface asking them to choose one to deactivate) - I have done something similar for my CodeCanyon scripts. It looks like this: https://i.bailey.sh/sxwfxEt.png (although it secretly allows you to install several times on localhost and test domains without counting against a license)

Mine lists all of their licenses because I use OAuth. For your extension, instead of showing different licenses, it would show their installed machines, maybe with their machine name or the last time the unique key was used to help discern between the computers?

Anyway, this all gets somewhat complicated, and it becomes increasingly difficult to implement a licensing system “correctly” when you start accounting for edge cases and UX. I completely agree with your current stance of simply checking the purchase code for validity now, and worrying about device limits later.

I know the Envato team is looking into ways they can improve the current system, but I don’t have any details on that (or when we can expect changes). I do agree that this stuff shouldn’t be left entirely to authors though, it makes for very bad UX and causes a lot of frustration for buyers as evidenced by countless threads here on the forums. :stuck_out_tongue_winking_eye:

No problem mate. I’m always here to help! If you ever make a new thread related to the API, just tag it with #envato-api like you did with this one, and I’m guaranteed to see it. :+1:

1 Like

So I read this and find some good stuff from your replies Thank you so much!

Here’s how I would implement something like this

I decide that to just make / Register user / AND / Check User/ controller services and nothing more for first step

the flow is like this :

RegisterNewUser(string purchaseCode, string machineId, AuthorSale authorSaleInfo (envato DTO model), string appName)
        {
            var saleCodes = GetAllSaleCodes(purchaseCode, machineId);

            if (authorSaleInfo.SaleItem.name.ToLower() != appName)
            {
                return Result(false, "Wrong extension registration!");
            }

            if (saleCodes.Count == 1)
            {
                if (saleCodes.CustomerMachine.machineName == machineId
                    && saleCodes.Activate == true)
                {
                    return Result(true, saleCodes.ActivateCode);
                    //ActivateCode will go to client machine and save in some path for future check
                }
                else if (saleCodes.CustomerMachine.machineName == machineId
                    && saleCodes.Activate == false)
                {
                    return Result(false, " extension is deactivated cause of security issue, contact us to solve it immediately! Email@support.com");
                }
                else if (saleCodes.CustomerMachine.machineName != machineId) {
                    return Result(false, " extension is activated for another machine right now, to activation current machine contact us!  Email@support.com");
                    // or make this automatically with user choice without contacting us
                }
            }
            else if (saleCodes.Count > 1)
            {
                return new ServerResult(false, "More than one Machine Registered, contact us to solve it 
                immediately!\n Email@support.com");
                // do you think I should deactivate the extension here ? for example there is 2 registration with this purchase code in my database
            }
               var activationCOde = CreateNewActivationCode() //combination of purchase code and machine Id some how...
               RegisterUserInDatabase(activationCOde )
               return activationCOde ; // to store in client machine
}

And for check the extension validity, I think we can check it every time client start the extension ( if the network is ok and no network error happened ).
Two things might happen :
1- server result is “OK” (it means that the machineID and ActivationCode that created in Register time is match and ok).
2- server result is “NOT OK”, in this part I can do one of these

(which one you think is better for user interface experience?)

What do you think about the whole thing ?

That’s completely up to you :sweat_smile:
If you’re not 100% certain that your code will work, perhaps you could go with #2 (for now) until you have a few sales and see that it’s working as expected, then switch to #1.

I have some points for your code though:

else if (saleCodes.Count > 1)
{
    return new ServerResult(false, "More than one Machine Registered, contact us to solve it immediately!\n Email@support.com");
    // do you think I should deactivate the extension here ? for example there is 2 registration with this purchase code in my database
}

Remember that the license allows them to install the extension on two machines, so this should be checking for if (#installations > 2).

var activationCOde = CreateNewActivationCode() //combination of purchase code and machine Id some how...

If you have a backend database, you could just generate a random UUID for each installation and record it. See: Generate a UUID in C# - I imagine a table that looks like this:

         table `activation_codes`
+============================================+
| Field           | Type           | Key     |
+=================|================|=========+
| activation_code | varchar(36)    | primary |
| purchase_code   | varchar(36)    | index   |
| machine_id      | varchar(255)   |         |
| activated_at    | datetime       |         |
| connected_at    | datetime       |         |
+============================================+

That would make it easy to check for multiple installations. Just query the purchase code and see how many activation codes come back (should be <= 2). If there are 3 or more, you can also use the connected_at field to automatically deactivate the least active one, for example. :wink:

1 Like

Good to mention that I forgot it :smiley:

Best option :+1:

So the whole thing is ok and we can take the first step with this flow

just one more question about the forum
If I want to keep continue asking you and complete this code Do I need to open new thread in forum or just continue here ?

1 Like

I don’t mind. This thread works fine. You can also always send me a private message. :smiley: :+1:

1 Like