Important changes to our API

Important Changes to the Envato Market API

As you may be aware, earlier in the year we launched our new API site, build.envato.com.

Along with this we provided an improved mechanism for authentication using OAuth 2, paving the way for richer integrations with the Envato Market API. Since the launch, we’ve seen a great take up of the new API, with over 500 applications registered.

We’d like to extend a huge thankyou to everybody who has created applications, provided feedback, and helped us test our new API. You are all awesome!

The time has now come for us to start winding down access to the older API, and today is the first day of a 2 month retirement period. At the end of this period, we will be turning off access to the old Market API.

This means if you have applications which are integrated into the market API and use the market.envato.com API domain, you’ll need to start transitioning over to using the model described at build.envato.com.

Why we’re shutting down the old API

The way the old API was accessed was via API keys. This meant that if you wanted to write an application using our API and share it with other people, your users would need to work out how to get into their admin area, then generate an API key, and then copy and paste it into your app. If you’re on a mobile device, this is quite cumbersome!

Additionally, we didn’t have any way to provide more focussed security around what an application has access to, meaning that if you had somebody’s API key, then you could access everything.

The new API solves both these problems: We’re able to provide a familiar method for authentication that our users are already used to, and we’re able to inform users exactly what information they will be granting an application access to, as well as being able to revoke this permission at any time.

It also gives us a better way to deliver documentation, as well as a much more direct way to inform application writers about important changes to the API which might affect them.

Most importantly, the stronger authentication model will enable us to start exploring how we will bring richer functionality to the new API.

How do I start using the new API?

Over on build.envato.com, we have described the overall process of using our API, as well as how to integrate with OAuth specifically. We’ve also provided a playground area built into the documentation, so you can try out each API call live using your own account.

Many of the endpoints you’ve used in the past are the same in the new API as they were in the old API, so the transition shouldn’t be much more complex than updating your authentication model and changing the domain.

Going forward any breaking changes will be added under a new version, and we’ll slowly deprecate the older versions of the endpoints, so you’re not continually updating your applications. We also have some newer endpoints coming up in the future, and will be transitioning the API to a more REST-like URL structure under new versioned endpoints.

What if I don’t update to the new API?

The sunset period is 2 months from today. On that day, we will be blocking access to the API endpoints, so all your requests to our old API will return HTTP 404.

One month before we shutdown access to the old API, we will start to severely reduce the rate limits of the old API. It’s not something we want to do, but we know that not everybody reads or participates in these forums, so they won’t see this announcement. When we rate limit, we will be including a link to this post in the hope that we can get the message out as much as possible.

Cheers,

Sean.

So this means old way of verifying purchase code and valid buyer http://marketplace.envato.com/api/v3/{username}/{key}/verify-purchase:{code}
is not going to work any more.

What is the simplest way to do this with the new api without using full oAuth and integrate such function in each item. ?

Thanks

Why not simply maintaining the old API while developing the new one? In the OP, it appears you’ll be giving some solid reasons as to why the old API needs to be retired, but instead of giving actuals reasons for this move, you’re only explaining why the new API was developed and how it’s better then the old one. To be honest, we all know this already… but I fail to see why you can not just keep the old API live…

So, asking again, why not simply maintaining the old API so you’re not forcing everyone to rewrite they API interaction?

The simplest way is to create a Personal Token using the same account you are selling your items from. You can then use the Author Sale API call to verify the purchase code.

Hey chilly_orange,

By having to support two different API systems, we’re doubling our work, making it harder to provide better API functionality.

The old API also makes it difficult to perform necessary architectural work on our system without constantly breaking it and incurring more technical debt. It also doesn’t have a way to handle finer grained security, making it a future liability we’d prefer not to have.

Cheers,
Sean.

Perfect many thanks for this information :smile:

Thanks for clearing that up Sean!

How will the FTP upload thing work? Currently you have to use the username and an api key generated through the “old” way in order to connect via FTP, although the article on your knowledge base redirects to the new api website, on the new api I don’t see any way to generate a key to connect via ftp ? Or is that the token?

We have a new FTP subsystem coming soon which will use the Personal tokens issued from build.envato.com.

Does this mean that the Envato WordPress Toolkit Library that the ThemeForest authors use in the themes to provide automatic updates won’t be working anymore in its current version? Looking trough the code I can see that it uses http://marketplace.envato.com/api/ for the API calls.
If the toolkit needs to be updated to work with the new API, many authors will have to update their WordPress themes in a very short period.

There’s a new toolkit coming soon! It looks awesome

Yes and now you are doubling our work, because, who cares, right?
Some of us have created advanced system to maintain our support and work for our items.

now we do have to spend tons of time to update theme and start from zero.

You could at least share some php libraries for our help.

" At least "

What are you having trouble doing with the new API? I can provide some sample code

Where can I see this ?

Can I please know, how I can integrate a token, so I can have the app authorized ( without asking user to login so I can get his info ) and I can just validate the Purchase code?

That, can be really helpfull.

Thanks a lot for the effort.

Honestly,

Could you help me re-writte the following:

    public function rcp_form_errors( $postdata ) {
    if ( is_user_logged_in() && get_user_meta( get_current_user_id(), 'tf_key', true ) ) {
        return;
    }

    $existing_keys = get_option( 'tf_keys', array() );

    $tf_key = isset( $_POST[ 'rcp_tf_key' ] ) ? esc_attr( $_POST[ 'rcp_tf_key' ] ) : false;

    if ( $tf_key ) {
        $this->tf_key = $tf_key;
    } else {
        return rcp_errors()->add( 'no-tf-key', __( 'Please enter a ThemeForest Purchase Key' ), 'register' );
    }

    global $wpdb;

    $sql = "
        SELECT user_id
        FROM $wpdb->usermeta
        WHERE meta_key = 'tf_key'
        AND meta_value = %s
    ";

    $existing = $wpdb->get_var( $wpdb->prepare( $sql, $tf_key ) );

    if ( $existing ) {
        return rcp_errors()->add( 'duplicate-tf-key', __( 'This Purchase Key is already associated with an account.' ), 'register' );
    }

    $url = sprintf(
        'http://marketplace.envato.com/api/edge/%s/%s/verify-purchase:%s.json',
        ENVATO_USERNAME,
        ENVATO_API_KEY,
        $tf_key
    );

    $response = wp_remote_get( $url, array( 'sslverify' => false ) );
    $body = wp_remote_retrieve_body( $response );
    $body = json_decode( $body, true );

    if ( ! empty( $body[ 'verify-purchase' ] ) ) {
        $this->verify_purchase = $body[ 'verify-purchase' ];
    } else {
        return rcp_errors()->add( 'invalid-tf-key', __( 'Your ThemeForest Purchase Key is invalid.' ), 'register' );
    }
}

Yep no worries. I’m on my phone now but once I’m back on a computer I’ll help rewrite that for you. I’ve also got a bunch of other snippets to share

try this. I’ve re-written the above code to work with the new api.

note that $this->verify_purchase will contain different data, so if you reference that parameter from somewhere else you might want to double check you’re referencing it correctly (e.g. item name would be $this->verify_purchase['item']['name'] )

you also have to setup a new personal token:

// generate your personal API token from http://build.envato.com define('ENVATO_API_TOKEN','asdfasdfasdfasdfasdfasdfasdfasdf');

and the updated method:

public function rcp_form_errors( $postdata ) {
	if ( is_user_logged_in() && get_user_meta( get_current_user_id(), 'tf_key', true ) ) {
		return false;
	}
	$tf_key = isset( $_POST[ 'rcp_tf_key' ] ) ?  $_POST[ 'rcp_tf_key' ] : '';
	// sanitize purchase code to ensure they're all lowercase in our database and in the correct format.
	$tf_key = strtolower(preg_replace('#([a-z0-9]{8})-?([a-z0-9]{4})-?([a-z0-9]{4})-?([a-z0-9]{4})-?([a-z0-9]{12})#','$1-$2-$3-$4-$5',$tf_key));
	if ( $tf_key ) {
		$this->tf_key = $tf_key;
	} else {
		return rcp_errors()->add( 'no-tf-key', __( 'Please enter a valid ThemeForest Purchase Code available from your <a href="http://themeforest.net/downloads" target="_blank">ThemeForest Downloads Page</a>' ), 'register' );
	}

	global $wpdb;

	$sql = "
        SELECT user_id
        FROM $wpdb->usermeta
        WHERE meta_key = 'tf_key'
        AND meta_value = %s
    ";

	$existing = $wpdb->get_var( $wpdb->prepare( $sql, $tf_key ) );

	if ( $existing ) {
		return rcp_errors()->add( 'duplicate-tf-key', __( 'This Purchase Key is already associated with an account.' ), 'register' );
	}

	$url = sprintf(
		'https://api.envato.com/v2/market/author/sale?code=%s',
		$tf_key
	);
	$request_headers = array(
		'user-agent' => 'dtbaker WordPress',
		'timeout'    => 20,
		'sslverify'    => false,
		'Authorization' => 'Bearer ' . ENVATO_API_TOKEN,
	);
	$response = wp_remote_get( $url, $request_headers );
	$body = wp_remote_retrieve_body( $response );
	$body = json_decode( $body, true );

	if ( ! empty( $body[ 'item' ][ 'id' ] ) ) {
		// $body will look like this:
		/*$body = array(
			'amount'          => 12.10,
			'sold_at'         => '2015-09-19T22:57:07+10:00',
			'item'            => array(
				'id'                 => 123,
				'name'               => 'item name here',
				'description'        => 'lots of html code here',
				"site"               => "codecanyon.net",
				"classification"     => "wordpress/social-networking",
				"classification_url" => "http://codecanyon.net/category/wordpress/social-networking",
				"price_cents"        => 1900,
				"number_of_sales"    => 247,
				"author_username"    => "dtbaker",
				"author_url"         => "http://codecanyon.net/user/dtbaker",
				"author_image"       => "https://0.s3.envato.com/files/111547951/dtbaker-php-scripts-wordpress-themes-and-plugins.png",
				"url"                => "http://codecanyon.net/item/simple-social-inbox-facebook-twitter-google/7478754",
				"thumbnail_url"      => "https://0.s3.envato.com/files/90732550/thumb_track-link-clicks-and-send-social-messages-from-WordPress.png",
				"summary"            => "Compatible Browsers=> IE10, IE11, Firefox, Safari, Opera, Chrome, Software Version=> WordPress 4.2",
			),
			"license"         => "Regular License",
			"support_amount"  => "0.00",
			"supported_until" => "2016-03-20T13 =>57 =>07+11 =>00",
			"buyer"           => "singsingszeged"
		);*/
		$this->verify_purchase = $body;
	} else {
		return rcp_errors()->add( 'invalid-tf-key', __( 'Your ThemeForest Purchase Key is invalid.' ), 'register' );
	}
	return true;
}

I’ve started putting some sample code together here:

http://dtbaker.net/envato/envato-api-php-code-samples/

I’ve got some more to add (e.g. oAuth example) just gotta find time to clean it up first.

Great,

thanks a lot for all the effort! :smile:
Really appreciate it, let us know if we can show it somehow!