Envato API - Verify Purchase

Hello.
A lot of users may use this one on their support forums registrations.

I decided to make a function that checks a purchase using the Envato API, your username, your api key, and the customers “Item Purchase Code” ( they can get this from the license file ) .


I wanted to check it and make sure that it works 100%, but i got banned from the API :slight_smile: (“You have been locked out of the API for 1 hour because of too many requests. Please complain to the author of your widget/application.” )


Here is the function. Please test it and tell me if it works well, and also use it as you like in your support forums.


<?php
function envato_verify_purchase($purchase_code)
{
	//SETUP THE API DATA
	
	$username = ''; 
	$api_key = '';
	
	//CHECK IF THE CALL FOR THE FUNCTION WAS EMPTY
	if ( $purchase_code != '' ):
	
		/*
			STEPS IN THE CODE BELOW:
			 - QUERY ENVATO API FOR JSON RESULT
			 - DECODE THE RESULT AND TRANSFORM IT FROM OBJECTS TO AN ARRAY
			 - CHECK IF THERE IS A ITEM TITLE == THE PURCHASE WAS MADE OR NOT
		*/			
		
		$result_from_json = file_get_contents('http://marketplace.envato.com/api/edge/'.$username.'/'.$api_key.'/verify-purchase:'.$purchase_code.'.json');
		$result = json_decode($result_from_json, true);
		
		if ( $result['verify-purchase']['item_name'] ) :
			return 1;
		else:
			return 0;
		endif;
	endif;		
}
?>

the comments explain the code

Hey thanks man. :slight_smile:

This code may fail if they have purchased more than 1 license of the item.

It may also fail because it doesn’t check exactly which item the user has purchased from you. Only that the user has made a purchase from you.

Also file_get_contents on a url may not work on a lot of hosting accounts. Suggest using curl. Possibly try something like this:

$result = false; // have we got a valid purchase code?
$our_item_id = 149180; // check if they've bought this item id.
$username = 'dtbaker'; // authors username
$api_key = 'gphyrdsomething'; // api key from my account area
$url = "http://marketplace.envato.com/api/edge/$username/$api_key/verify-purchase:$code.json";
$ch = curl_init($url);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,true);
$json_res = curl_exec($ch);
$data = json_decode($json_res,true);
$purchases = $data['verify-purchase'];
if(isset($purchases['buyer'])){
   // format single purchases same as multi purchases
   $purchases=array($purchases); 
}
$purchase_details = array();
foreach($purchases as $purchase){
	$purchase=(array)$purchase; // json issues
	if((int)$purchase['item_id']==(int)$our_item_id){
		// we have a winner!
		$result = true;
		$purchase_details = $purchase;
	}
}
// do something with the users purchase details, 
// eg: check which license they've bought, save their username something
if($result){
echo 'user has bought our item';
print_r($purchase_details);
}else{
echo 'invalid purchase code';
}

FYI here’s an example reply from the API:

{"verify-purchase":{"buyer":"buyer_id_here","created_at":"Wed Dec 01 05:00:47 +1100 2010","licence":"Regular Licence","item_name":"Your Item Name Here","item_id":"116430"}}

how to implement this into a registration page?

Hi! thanks to @duotive and @dtbaker for the explanation.
My WP theme still in progress and I have a plan to make the Purchase Code as option to enable the updater (Product Serial Number likes).

Some of Themeforest authors give a notification about their purchased theme/plugin(s) have an update from WP dashboard than the buyer have to go to the theme/plugin themeforest page to get the new file(s). Cause of that, I got an idea to make a “setup installation” after theme/plugin activated, than the user must input their Purchase Code > click the Finish button and after that buyer can get the updated files directly on their WP dashbord or Theme option as well.

My question is.
can I use the Purchase Code as Product Serial Number likes?
I wonder what I can do with this function, may be integrating the supports directly from WP dashboard and much more :smiley:

Hi. That is kinda useless now. Study this: https://github.com/JeffreyWay/Envato-Marketplace-API-Wrapper-in-PHP - this is what all of us are using. :smiley:

thanks for the repo, i’m already on it :smitten:

um, can you give me your consideration about my idea?

thanks and regard :smiley:

You’re welcome. I tried to think about that too, but did not do that because of bad ratings that will come with it, because customers will not know how to use it.

The timing for something like this couldn’t be better. I was just wondering how to do this very thing. I am looking into using another tutorial on tuts plus to make a custom logon to my site

I wanted to grab the purchase code and or the persons username for themeforest and have the system check to see if they are a buyer. This would make a fantastic plugin for one of you guys smart enough to code it. I would buy that.

feryardiant said

Hi! thanks to @duotive and @dtbaker for the explanation.
My WP theme still in progress and I have a plan to make the Purchase Code as option to enable the updater (Product Serial Number likes).

Some of Themeforest authors give a notification about their purchased theme/plugin(s) have an update from WP dashboard than the buyer have to go to the theme/plugin themeforest page to get the new file(s). Cause of that, I got an idea to make a “setup installation” after theme/plugin activated, than the user must input their Purchase Code > click the Finish button and after that buyer can get the updated files directly on their WP dashbord or Theme option as well.

My question is.
can I use the Purchase Code as Product Serial Number likes?
I wonder what I can do with this function, may be integrating the supports directly from WP dashboard and much more :smiley:

I’ve started a thread at CC about this topic. The main problem in my opinion is that buyers see the purchase code and their API key

I like the idea with the setup installation but in case your server goes down it will bring you a bad reputation though

revaxarts said
feryardiant said

Hi! thanks to @duotive and @dtbaker for the explanation.
My WP theme still in progress and I have a plan to make the Purchase Code as option to enable the updater (Product Serial Number likes).

Some of Themeforest authors give a notification about their purchased theme/plugin(s) have an update from WP dashboard than the buyer have to go to the theme/plugin themeforest page to get the new file(s). Cause of that, I got an idea to make a “setup installation” after theme/plugin activated, than the user must input their Purchase Code > click the Finish button and after that buyer can get the updated files directly on their WP dashbord or Theme option as well.

My question is.
can I use the Purchase Code as Product Serial Number likes?
I wonder what I can do with this function, may be integrating the supports directly from WP dashboard and much more :smiley:

I’ve started a thread at CC about this topic. The main problem in my opinion is that buyers see the purchase code and their API key

I like the idea with the setup installation but in case your server goes down it will bring you a bad reputation though

I agree with you, it makes sense that the username and API should be the buyers, but it would have been nicer if the username and API is ours and only the purchase code to be required from the buyer. Some buyers might not even know where to find the API KEY or what is that :slight_smile:

Perhaps Envato will come up with a new API which will allow us to do what we need, especially the updates part :smiley:

nope the API key is ours. end-users never have to enter their API key along with their licence purchase code. Only their licence purchase code.

Like this example: http://dtbaker.com.au/envato/download.php
You enter your author username, your author API key, and your users licence purchase code. It generates the download link. Source code here http://dtbaker.com.au/envato/download.phps

dtbaker said

nope the API key is ours. end-users never have to enter their API key along with their licence purchase code. Only their licence purchase code.

Like this example: http://dtbaker.com.au/envato/download.php
You enter your author username, your author API key, and your users licence purchase code. It generates the download link. Source code here http://dtbaker.com.au/envato/download.phps

So you’re saying that in the next statement:

$url = "http://marketplace.envato.com/api/v3/username/api-key/download-purchase:licence_code.json';

the username and the api-key is ours, and only the purchase code is the clients ? Because that would be great when it comes to having a download link to your items for the buyers ( if they provide the purchase code ) :slight_smile:

But is it safe to provide such a link ? Of course using PHP and not JS.

dtbaker said

nope the API key is ours. end-users never have to enter their API key along with their licence purchase code. Only their licence purchase code.

Like this example: http://dtbaker.com.au/envato/download.php
You enter your author username, your author API key, and your users licence purchase code. It generates the download link. Source code here http://dtbaker.com.au/envato/download.phps

NO, not in my case!
if I enter

http://marketplace.envato.com/api/v3/MY_USERNAME/MY_APIKEY/download-purchase:BUYER_PURCHASECODE.json

I only get

{"download-purchase":{}}

but if I enter

http://marketplace.envato.com/api/v3/BUYER_USERNAME/BUYER_APIKEY/download-purchase:BUYER_PURCHASECODE.json

i get

{"download-purchase":{"download_url":"http://s3.amazonaws.com/marketplace-downloads.envato.com/files/123456/blablabla.zip?AWSAccessKeyId=blablabla\u0026Expires=123456789\u0026Signature=foobarfoobar\u0026response-content-disposition=attachment;%20filename=blablabla.zip"}}

The item isn’t a wordpress plugin or theme but I guess this doesn’t matter

revaxarts said
dtbaker said

nope the API key is ours. end-users never have to enter their API key along with their licence purchase code. Only their licence purchase code.

Like this example: http://dtbaker.com.au/envato/download.php
You enter your author username, your author API key, and your users licence purchase code. It generates the download link. Source code here http://dtbaker.com.au/envato/download.phps

NO, not in my case!
if I enter

http://marketplace.envato.com/api/v3/MY_USERNAME/MY_APIKEY/download-purchase:BUYER_PURCHASECODE.json

I only get

{"download-purchase":{}}

but if I enter

http://marketplace.envato.com/api/v3/BUYER_USERNAME/BUYER_APIKEY/download-purchase:BUYER_PURCHASECODE.json

i get

{"download-purchase":{"download_url":"http://s3.amazonaws.com/marketplace-downloads.envato.com/files/123456/blablabla.zip?AWSAccessKeyId=blablabla\u0026Expires=123456789\u0026Signature=foobarfoobar\u0026response-content-disposition=attachment;%20filename=blablabla.zip"}}

The item isn’t a wordpress plugin or theme but I guess this doesn’t matter

Yeah, already tried that :slight_smile: Same result on my end :expressionless: Sad because I was thinking of implementing something like that on my new website, a backend for my buyers where they can download their purchases ( what they brought from me ) and get support and etc.

But as someone here mentioned, some users are not comfortable providing their username and API keys. So we’ll have to wait for a better API :slight_smile:

Hi all

It seems that there’s some confusion about the download-purchase vs verify-purchase API methods.

download-purchase is for buyers to generate their download link for a purchase. This method requires the use of the buyer’s username and API key.

verify-purchase is for sellers to retrieve details about a purchase. This method requires the use of the seller’s username and API key.

Hope that clears things up! :slight_smile:

David

dgoodlad said

Hi all

It seems that there’s some confusion about the download-purchase vs verify-purchase API methods.

download-purchase is for buyers to generate their download link for a purchase. This method requires the use of the buyer’s username and API key.

verify-purchase is for sellers to retrieve details about a purchase. This method requires the use of the seller’s username and API key.

Hope that clears things up! :slight_smile:

David

That’s what I thought, I mean it makes sense to be that way, but it would have been nice if there was a way to provide a download link without the client’s API, a download link for my items only per say, only what he / she purchased from me, not all his downloads.

Also, another good thing would be if there were some info on the updates in the API, a way to inform the clients that we updated our items.

Thanks David for clarification!

I’m surprised why buyers should enter all that information when the purchase code verifies the purchase already. Furthermore it’s more complicated to explain them where to find their API key and what is it for.

The only reason why all that info is required is because someone could guess a correct code but that’s really implausible.

Much better would be a download with only the purchase code for the next API update or I have to use my own implementation

dtbaker said

nope the API key is ours. end-users never have to enter their API key along with their licence purchase code. Only their licence purchase code.

rofl. maybe I should have tested the API before posting that :stuck_out_tongue: yep needs buyers api key and their licence code. how strange!