How to verify a purchase code using the Envato API

Actually, I didn’t notice this, but you’re also using the wrong URL for the API.

Use this one:

https://api.envato.com/v3/market/author/sale?code=

but the i got this api from the envanto api did they give wrong one?

The one you’re using is for a buyer to verify their own purchase code. It won’t work for authors.

The one I posted is meant for authors to verify purchase codes from their buyers. :slight_smile:

1 Like

thank you so much my dear now everything is working fine.thank jesus

1 Like
$code = "86781236-23d0-4b3c-7dfa-c1c147e0dece";

// If you took $code from user input it's a good idea to trim it:

$code = trim($code);
$url = 'https://api.envato.com/v3/market/author/sale?code='.urlencode(trim($code)).'';

    $response = wp_remote_get($url ,
    array(
        'headers' => array(
            'Authorization' => "Bearer " . $this->api_key,
            'User-Agent' => "Enter a description of your app here for the API team"
        )
    )
);

$body = json_decode($response['body']);

if ($body->item->id !== 17022701) 
throw new Exception("The purchase code provided is for a different item");

This code work for me , one great news is i am building a opensource WordPress plugin for the community , hope soon i am able to release.

2 Likes

Below code worked for me :

<?php
   	$code= trim($_GET['apikey']); // have we got a valid purchase code?
	$url = "https://api.envato.com/v3/market/author/sale?code=".$code;
	$curl = curl_init($url);
	$personal_token = "personal token from envato app";
	$header = array();
	$header[] = 'Authorization: Bearer '.$personal_token;
	$header[] = 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:41.0) Gecko/20100101 Firefox/41.0';
	$header[] = 'timeout: 20';
	curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($curl, CURLOPT_HTTPHEADER,$header);
	$envatoRes = curl_exec($curl);
	curl_close($curl);
	$envatoRes = json_decode($envatoRes);
	//print_r($envatoRes);
	$date = new DateTime($envatoRes->supported_until);
	$boughtdate = new DateTime($envatoRes->sold_at);
	$bresult = $boughtdate->format('Y-m-d H:i:s');
	$sresult = $date->format('Y-m-d H:i:s');
		if (isset($envatoRes->item->name)) {   
				$data = " - Verification Success:  ({$envatoRes->item->name})  -  (Bought Date: {$bresult} )  - (Support Till: {$sresult})";
		} else {  
				$data= " - FAILED: Invalid Purchase Code";
		} 
	echo $data;
?>
2 Likes

Hi!
I got it working using the buyer option but not with the author/sale.
https://build.envato.com/api/#!/market_0/Author_Sale

Can it be, that it only works with keys of my items? I just have keys from purchases I made for testing. With this key, I always get “No content 404” exception. Also the API page results in “No content”.

I know that the code is working, because it works with this url

https://api.envato.com/v3/market/buyer/purchase

Is there any way to test it? Or do I need to purchase my own item to make a final test?

Thanks a lot!

Unfortunately there’s no way to test it without having a purchase code from one of your customers. Purchase codes for other authors won’t work.

Envato Market Purchase Code Validator is a plugin by which Envato Market authors can easily validate their customers purchases while giving them support.

Thanks mate, your code worked for me. thanks for sharing.

Hi!
I have tested with my own keys for the buyer purchase but I get invalid purchase code. How did you manage to test? Did you change any part of the code?

Here is my code:
<?php
$code= trim($_GET['apikey']); // have we got a valid purchase code?
$url = "https://api.envato.com/v3/market/buyer/purchase?code=".$code;
$curl = curl_init($url);
$personal_token = "7VtLufxHZv3................";
$header = array();
$header[] = 'Authorization: Bearer '.$personal_token;
$header[] = 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:41.0) Gecko/20100101 Firefox/41.0';
$header[] = 'timeout: 20';
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_HTTPHEADER,$header);
$envatoRes = curl_exec($curl);
curl_close($curl);
$envatoRes = json_decode($envatoRes);
//print_r($envatoRes);
$date = new DateTime($envatoRes->supported_until);
$boughtdate = new DateTime($envatoRes->sold_at);
$bresult = $boughtdate->format('Y-m-d H:i:s');
$sresult = $date->format('Y-m-d H:i:s');
if (isset($envatoRes->item->name)) {
$data = " - Verification Success: ({$envatoRes->item->name}) - (Bought Date: {$bresult} ) - (Support Till: {$sresult})";
} else {
$data= " - FAILED: Invalid Purchase Code";
}
echo $data;
?>

I don’t advise you use a browser-like user agent for automated requests. In some cases, we drop traffic that pretends to be a browser like user agent as a part of our security measures. You should instead use your own identifier.

What is the API response you receive here? Is it a 200? Or 4xx?

from the output I get no response code only "FAILED: Invalid Purchase Code"; Is there a way I can test to get it to output the response code as 200, or 4xx?

There will be a HTTP response code, you might just not be outputting it. You probably want to var_dump($envatoRes); and inspect it for the status.

For a CURL request you can get the response code using curl_getinfo. You must call it before closing the handle with curl_close.

$code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
var_dump($code); // int(200)
curl_close($curl);

Also, I don’t believe you will be able to test with purchase codes from your own purchases - it has to be one of your buyers.

Can anyone help me please.

I implemented the code and I get curl_error -> " malformed" from

What dose that means?

Thank you.

( Edit: Resolved in Theme purchase code PHP issue )

I presume that buyers would need to create and provide a personal token for that code to work, Would they?

Is there a way we can test our code without purchasing the product ourselves? Having the buyer purchase code is not enough because we need also a personal token.

I’m asking all these because there’s no way to test any of this. Buyers are reporting issues we cannot test nor develop.

If I have to purchase my own plugin to be able to test and develop it’s a shame and we as developers need a better way to ensure our code works. Even buying our own plugin is not a solution because we need Envato to approve our plugin to then buy it to then check the validation, while other users can also buy the plugin without validation.

I don’t see how we can create a good flow for buyers from the beginning.

Thank you.

No, only the author must register a personal token, so long as you use the proper endpoint which I documented in my post above.

Having the buyer’s purchase code is enough. For proof, enter the purchase code here on the sandbox: https://build.envato.com/api#market_0_Author_Sale

The sample PHP code I provided in my post above is fully tested, works, and will be enough to verify your buyer’s purchase code with your own personal token.

1 Like

How would I test this without any sales or buyers (pre-release, pre-dev stage)?