How to verify a purchase code using the Envato API

The one you’re using is for a buyer to verify their own purchase code. It won’t work for authors.

The one I posted is meant for authors to verify purchase codes from their buyers. :slight_smile:

1 Like

thank you so much my dear now everything is working fine.thank jesus

1 Like
$code = "86781236-23d0-4b3c-7dfa-c1c147e0dece";

// If you took $code from user input it's a good idea to trim it:

$code = trim($code);
$url = 'https://api.envato.com/v3/market/author/sale?code='.urlencode(trim($code)).'';

    $response = wp_remote_get($url ,
    array(
        'headers' => array(
            'Authorization' => "Bearer " . $this->api_key,
            'User-Agent' => "Enter a description of your app here for the API team"
        )
    )
);

$body = json_decode($response['body']);

if ($body->item->id !== 17022701) 
throw new Exception("The purchase code provided is for a different item");

This code work for me , one great news is i am building a opensource WordPress plugin for the community , hope soon i am able to release.

2 Likes

Below code worked for me :

<?php
   	$code= trim($_GET['apikey']); // have we got a valid purchase code?
	$url = "https://api.envato.com/v3/market/author/sale?code=".$code;
	$curl = curl_init($url);
	$personal_token = "personal token from envato app";
	$header = array();
	$header[] = 'Authorization: Bearer '.$personal_token;
	$header[] = 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:41.0) Gecko/20100101 Firefox/41.0';
	$header[] = 'timeout: 20';
	curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
	curl_setopt($curl, CURLOPT_HTTPHEADER,$header);
	$envatoRes = curl_exec($curl);
	curl_close($curl);
	$envatoRes = json_decode($envatoRes);
	//print_r($envatoRes);
	$date = new DateTime($envatoRes->supported_until);
	$boughtdate = new DateTime($envatoRes->sold_at);
	$bresult = $boughtdate->format('Y-m-d H:i:s');
	$sresult = $date->format('Y-m-d H:i:s');
		if (isset($envatoRes->item->name)) {   
				$data = " - Verification Success:  ({$envatoRes->item->name})  -  (Bought Date: {$bresult} )  - (Support Till: {$sresult})";
		} else {  
				$data= " - FAILED: Invalid Purchase Code";
		} 
	echo $data;
?>
2 Likes

Hi!
I got it working using the buyer option but not with the author/sale.
https://build.envato.com/api/#!/market_0/Author_Sale

Can it be, that it only works with keys of my items? I just have keys from purchases I made for testing. With this key, I always get “No content 404” exception. Also the API page results in “No content”.

I know that the code is working, because it works with this url

https://api.envato.com/v3/market/buyer/purchase

Is there any way to test it? Or do I need to purchase my own item to make a final test?

Thanks a lot!

Unfortunately there’s no way to test it without having a purchase code from one of your customers. Purchase codes for other authors won’t work.

Envato Market Purchase Code Validator is a plugin by which Envato Market authors can easily validate their customers purchases while giving them support.

Thanks mate, your code worked for me. thanks for sharing.

Hi!
I have tested with my own keys for the buyer purchase but I get invalid purchase code. How did you manage to test? Did you change any part of the code?

Here is my code:
<?php
$code= trim($_GET['apikey']); // have we got a valid purchase code?
$url = "https://api.envato.com/v3/market/buyer/purchase?code=".$code;
$curl = curl_init($url);
$personal_token = "7VtLufxHZv3................";
$header = array();
$header[] = 'Authorization: Bearer '.$personal_token;
$header[] = 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:41.0) Gecko/20100101 Firefox/41.0';
$header[] = 'timeout: 20';
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_HTTPHEADER,$header);
$envatoRes = curl_exec($curl);
curl_close($curl);
$envatoRes = json_decode($envatoRes);
//print_r($envatoRes);
$date = new DateTime($envatoRes->supported_until);
$boughtdate = new DateTime($envatoRes->sold_at);
$bresult = $boughtdate->format('Y-m-d H:i:s');
$sresult = $date->format('Y-m-d H:i:s');
if (isset($envatoRes->item->name)) {
$data = " - Verification Success: ({$envatoRes->item->name}) - (Bought Date: {$bresult} ) - (Support Till: {$sresult})";
} else {
$data= " - FAILED: Invalid Purchase Code";
}
echo $data;
?>

I don’t advise you use a browser-like user agent for automated requests. In some cases, we drop traffic that pretends to be a browser like user agent as a part of our security measures. You should instead use your own identifier.

What is the API response you receive here? Is it a 200? Or 4xx?

from the output I get no response code only "FAILED: Invalid Purchase Code"; Is there a way I can test to get it to output the response code as 200, or 4xx?

There will be a HTTP response code, you might just not be outputting it. You probably want to var_dump($envatoRes); and inspect it for the status.

For a CURL request you can get the response code using curl_getinfo. You must call it before closing the handle with curl_close.

$code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
var_dump($code); // int(200)
curl_close($curl);

Also, I don’t believe you will be able to test with purchase codes from your own purchases - it has to be one of your buyers.

Can anyone help me please.

I implemented the code and I get curl_error -> " malformed" from

What dose that means?

Thank you.

( Edit: Resolved in Theme purchase code PHP issue )

I presume that buyers would need to create and provide a personal token for that code to work, Would they?

Is there a way we can test our code without purchasing the product ourselves? Having the buyer purchase code is not enough because we need also a personal token.

I’m asking all these because there’s no way to test any of this. Buyers are reporting issues we cannot test nor develop.

If I have to purchase my own plugin to be able to test and develop it’s a shame and we as developers need a better way to ensure our code works. Even buying our own plugin is not a solution because we need Envato to approve our plugin to then buy it to then check the validation, while other users can also buy the plugin without validation.

I don’t see how we can create a good flow for buyers from the beginning.

Thank you.

No, only the author must register a personal token, so long as you use the proper endpoint which I documented in my post above.

Having the buyer’s purchase code is enough. For proof, enter the purchase code here on the sandbox: https://build.envato.com/api#market_0_Author_Sale

The sample PHP code I provided in my post above is fully tested, works, and will be enough to verify your buyer’s purchase code with your own personal token.

1 Like

How would I test this without any sales or buyers (pre-release, pre-dev stage)?

to verify you must need purchase code. so, without sale mean purchase code you will not be able to check/test.

There’s no official sandbox for testing, unfortunately. Personally, I like to set up a few pages on my own server that return example responses from the API, and test using those.

See my post way way way at the top of this thread for example success and error responses.