Important changes to our API

Thanks for the example, I already have a working prototype update system for WP themes into my framework using the new api, although it requires the user to create a token. Do you have any idea if it’s possible with oAuth? I can’t figure out how it would work since the app requires a static return url ?

I’m playing with that now actually.

So far I’ve got two options:

  1. use the “oauth implicit flow” feature - this would require the user to login each time an update needs to be installed (implicit flow token only lasts an hour, no refresh option). The sytem can still detect if an update is available and just prompt the user to login with Envato to apply that update. No 3rd party database required to get this running. But a simple php oauth/redirection script would be required on my server.

  2. bounce all update requests through my own server and pass my own token back to the wordpress theme/plugin. the theme/plugin talks to my server using that token and that token is stored against an oauth session in my database. User logs in once and will receive updates for as long as needed. Requires a 3rd party oauth/redirection php script and database to store active oauth sessions/refresh codes.

That’s where I’m at now, only got half way through a functional demo.

Honestly I would hold off on any custom update scripts. The new “Envato Market” WordPress plugin is coming out soon and that will handle theme/plugin installations/updates externally. You will just be able to install that plugin using TGMP on theme activation and have everything handled. A few API endpoints need to be fine tuned before this is possible though, it’s getting close!

Hey,

Sorry to keep it here, but I tried the script and every Purchase code I try, I do get an error

" Your ThemeForest Purchase Key is invalid. "

That means, it is not validating the code for some reason…

And the most anoying thing is that I am trying here:
https://build.envato.com/register/

and I do get an infinity loader, without getting the option to register a new app, so I can use the info…

No worries I didn’t actually test that code, I’ll do it this arvo when back on a computer :slight_smile:

Do you know if Envato is working on an api method to submit comments? I think I’ve read it somewhere in the forum but I can’t remember where exactly.

They don’t have any write API endpoints yet. but I did hear it’s something they are working on and comments submission would be one of the first endpoints to develop. I’d say it would be lower on the to-do list though

Hey @creativeisG I had the ‘headers’ array wrong in your code, here’s the fix:

public function rcp_form_errors( $postdata ) {
	if ( is_user_logged_in() && get_user_meta( get_current_user_id(), 'tf_key', true ) ) {
		return false;
	}
	$tf_key = isset( $_POST[ 'rcp_tf_key' ] ) ?  $_POST[ 'rcp_tf_key' ] : '';
	// sanitize purchase code to ensure they're all lowercase in our database and in the correct format.
	$tf_key = strtolower(preg_replace('#([a-z0-9]{8})-?([a-z0-9]{4})-?([a-z0-9]{4})-?([a-z0-9]{4})-?([a-z0-9]{12})#','$1-$2-$3-$4-$5',$tf_key));
	if ( $tf_key ) {
		$this->tf_key = $tf_key;
	} else {
		return rcp_errors()->add( 'no-tf-key', __( 'Please enter a valid ThemeForest Purchase Code available from your ThemeForest Downloads Page' ), 'register' );
	}

	global $wpdb;

	$sql = "
        SELECT user_id
        FROM $wpdb->usermeta
        WHERE meta_key = 'tf_key'
        AND meta_value = %s
    ";

	$existing = $wpdb->get_var( $wpdb->prepare( $sql, $tf_key ) );

	if ( $existing ) {
		return rcp_errors()->add( 'duplicate-tf-key', __( 'This Purchase Key is already associated with an account.' ), 'register' );
	}

	$url = sprintf(
		'https://api.envato.com/v2/market/author/sale?code=%s',
		$tf_key
	);
	$request_headers = array(
		'user-agent' => 'dtbaker WordPress',
		'timeout'    => 20,
		'sslverify'    => false,
		'headers' => array(
			'Authorization' => 'Bearer ' . ENVATO_API_TOKEN,
		)
	);
	$response = wp_remote_get( $url, $request_headers );
	$body = wp_remote_retrieve_body( $response );
	$body = json_decode( $body, true );

	if ( ! empty( $body[ 'item' ][ 'id' ] ) ) {
		// $body will look like this:
		/*$body = array(
			'amount'          => 12.10,
			'sold_at'         => '2015-09-19T22:57:07+10:00',
			'item'            => array(
				'id'                 => 123,
				'name'               => 'item name here',
				'description'        => 'lots of html code here',
				"site"               => "codecanyon.net",
				"classification"     => "wordpress/social-networking",
				"classification_url" => "http://codecanyon.net/category/wordpress/social-networking",
				"price_cents"        => 1900,
				"number_of_sales"    => 247,
				"author_username"    => "dtbaker",
				"author_url"         => "http://codecanyon.net/user/dtbaker",
				"author_image"       => "https://0.s3.envato.com/files/111547951/dtbaker-php-scripts-wordpress-themes-and-plugins.png",
				"url"                => "http://codecanyon.net/item/simple-social-inbox-facebook-twitter-google/7478754",
				"thumbnail_url"      => "https://0.s3.envato.com/files/90732550/thumb_track-link-clicks-and-send-social-messages-from-WordPress.png",
				"summary"            => "Compatible Browsers=> IE10, IE11, Firefox, Safari, Opera, Chrome, Software Version=> WordPress 4.2",
			),
			"license"         => "Regular License",
			"support_amount"  => "0.00",
			"supported_until" => "2016-03-20T13 =>57 =>07+11 =>00",
			"buyer"           => "singsingszeged"
		);*/
		$this->verify_purchase = $body;
	} else {
		return rcp_errors()->add( 'invalid-tf-key', __( 'Your ThemeForest Purchase Key is invalid.' ), 'register' );
	}
	return true;
}

where can one report bugs about new API?

https://help.market.envato.com/hc/en-us/requests/new

Hey everyone,

Just a quick heads up on where we are at with the shutdown. We’ve received a lot of feedback that it’s too difficult to get things fully prepared in the time we’ve allowed, so we’re going to delay the shutdown until early next year.

We’ll keep you all posted as to the new date.

Cheers,
Sean.

2 Likes

Curious what sort of things are tricky for people to implement?

Is it all the themes/plugins relying on the old API for updates?

1 Like

I can’t speak for everyone, but all of our themes use the Envato WordPress Toolkit Library as that was a requirement a while ago (I even don’t know when it stopped being required). Do you have any info on the when the new toolkit will be available and is it going to be released as a plugin as well (or just a library to embed in the themes)?
I’m worried that after the old API gets retired our users won’t be able to install the updates automatically anymore and I was hoping that the new toolkit would be available sooner, so we can release updates before the API gets retired.

1 Like

Time to charge for Theme Update Service.

1 Like

Hey, finally found your post! I have that example for you, check out: Fully automatic Plugin Install + Default Content + oAuth Theme Updates in a Wizard. :slight_smile: oauth updates in WordPress, no buyer tokens required.