How to verify a purchase code using the Envato API

Thanks mate, your code worked for me. thanks for sharing.

I have tested with my own keys for the buyer purchase but I get invalid purchase code. How did you manage to test? Did you change any part of the code?

Here is my code:
$code= trim($_GET['apikey']); // have we got a valid purchase code?
$url = "".$code;
$curl = curl_init($url);
$personal_token = "7VtLufxHZv3................";
$header = array();
$header[] = 'Authorization: Bearer '.$personal_token;
$header[] = 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:41.0) Gecko/20100101 Firefox/41.0';
$header[] = 'timeout: 20';
curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($curl, CURLOPT_HTTPHEADER,$header);
$envatoRes = curl_exec($curl);
$envatoRes = json_decode($envatoRes);
$date = new DateTime($envatoRes->supported_until);
$boughtdate = new DateTime($envatoRes->sold_at);
$bresult = $boughtdate->format('Y-m-d H:i:s');
$sresult = $date->format('Y-m-d H:i:s');
if (isset($envatoRes->item->name)) {
$data = " - Verification Success: ({$envatoRes->item->name}) - (Bought Date: {$bresult} ) - (Support Till: {$sresult})";
} else {
$data= " - FAILED: Invalid Purchase Code";
echo $data;

I don’t advise you use a browser-like user agent for automated requests. In some cases, we drop traffic that pretends to be a browser like user agent as a part of our security measures. You should instead use your own identifier.

What is the API response you receive here? Is it a 200? Or 4xx?

from the output I get no response code only "FAILED: Invalid Purchase Code"; Is there a way I can test to get it to output the response code as 200, or 4xx?

There will be a HTTP response code, you might just not be outputting it. You probably want to var_dump($envatoRes); and inspect it for the status.

For a CURL request you can get the response code using curl_getinfo. You must call it before closing the handle with curl_close.

$code = curl_getinfo($curl, CURLINFO_HTTP_CODE);
var_dump($code); // int(200)

Also, I don’t believe you will be able to test with purchase codes from your own purchases - it has to be one of your buyers.

Can anyone help me please.

I implemented the code and I get curl_error -> " malformed" from

What dose that means?

Thank you.

( Edit: Resolved in Theme purchase code PHP issue )

I presume that buyers would need to create and provide a personal token for that code to work, Would they?

Is there a way we can test our code without purchasing the product ourselves? Having the buyer purchase code is not enough because we need also a personal token.

I’m asking all these because there’s no way to test any of this. Buyers are reporting issues we cannot test nor develop.

If I have to purchase my own plugin to be able to test and develop it’s a shame and we as developers need a better way to ensure our code works. Even buying our own plugin is not a solution because we need Envato to approve our plugin to then buy it to then check the validation, while other users can also buy the plugin without validation.

I don’t see how we can create a good flow for buyers from the beginning.

Thank you.

No, only the author must register a personal token, so long as you use the proper endpoint which I documented in my post above.

Having the buyer’s purchase code is enough. For proof, enter the purchase code here on the sandbox:

The sample PHP code I provided in my post above is fully tested, works, and will be enough to verify your buyer’s purchase code with your own personal token.

1 Like

How would I test this without any sales or buyers (pre-release, pre-dev stage)?

to verify you must need purchase code. so, without sale mean purchase code you will not be able to check/test.

There’s no official sandbox for testing, unfortunately. Personally, I like to set up a few pages on my own server that return example responses from the API, and test using those.

See my post way way way at the top of this thread for example success and error responses.

Elite Licenser - Easy to use WordPress plugin that can integrate license verification system using envato api inside your WordPress or PHP product.

Hi, the method doesn’t work no more. There is not "View the user’s items’ sales history” for personal token:

Also if you go to and generate the token, the scope is converted to YOUR purchase not the user’s one.

Anyone know another method?

Thank you!

Hey @Schiocco - The wording for permissions is a little different if you edit them. When editing an existing token, you want to select “View your items’ sales history”, which is selected in your screenshot. It will still work as normal.

Basically, “View your items’ sales history” and “View the user’s items’ sales history” are identical, so whichever one you see works fine. :slight_smile:

1 Like

I’m a bit confused about this API closure. If this is the api being closed, then why does the documention on still show ‘…’ in most of their examples. If we can’t use this API URL anymore, it would be really helpful for some relevant examples.

I haven’t done much with the API before, but now I’m in a bind because a plugin I rely on is using this URL to verify purchases.

Hi @bolderelements,

Sorry for any confusion! I was referring to the old API at - not sure if the post above was edited or if I saw him using it somewhere else, but that’s what is being removed/shut down (in March). is the proper API.

Oh good, thank you! So happy to know the plugin should continue working then… It’s no longer supported so I was trying to figure it out on my own. Whew! Some day when I have more time I’ll have to learn it for myself :slight_smile:

1 Like

Is there any dummy purchase code for testing my envato purchase code validation? Stripe API has test card number 4242 4242 4242 4242. I am searching for dummy envato purchase code for testing purpose.