Purchase Code Verification

Hi, is there any working API which can be used to verify buyer purchase code multiple times in a day?

Absolutely! Check out https://build.envato.com


I did check it but not working

Can you clarify what is not working?

If you let me know what programming language you would like to work with, I can give you a working code sample so you can test it on your end. You will need a real purchase code from one of your customers to test it fully.

From your portfolio, it seems like you often work with PHP. If that’s your language of choice, I have a fully-functional code sample at the link below.

Yes, PHP. I’m using the following code. It gives 401 error code

$key = '<key>';
$code = '<purchase code>';
$ch = curl_init();
curl_setopt_array($ch, array(
    CURLOPT_URL => "https://api.envato.com/v3/market/author/sale?code={$code}",
        "Authorization" => "Bearer ".$key,
        "User-Agent" => "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

$response = @curl_exec($ch);

HTTP 401, if I can remember correctly, means that your personal token ($key) does not have the required permission.

Create a new token at https://build.envato.com/my-apps/ and make sure it has the “View your items’ sales history” permission enabled.


Yes, that permission is already set.

“Verify your items’ sales history” or “View your items’ sales history”?

Sorry mate, my bad. I missed this mistake in your code:

        "Authorization" => "Bearer ".$key,
        "User-Agent" => "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

…should be this instead (and enter a real user agent that describes what you are doing):

        "Authorization: Bearer $key",
        "User-Agent: Purchase code verification on is-best.net"
1 Like

User-Agent won’t be any browser string?

No, user agents should always describe the client sending the request. You’re not sending the request from a web browser, so it should not have a browser user agent (such agents are only useful if you’re scraping websites and don’t want to be identified as a bot).

Envato requests that your user agent describe your service or product (i.e. they want to know why you are sending that request). If your server is sending a large number of requests, they may look at it and increase your rate limit etc. depending on the user agent. If it’s a browser user agent, they may think it’s an abusive user and could temporarily block your server’s IP address. Just an example of why you should be accurate here. :smiley:

I see. How many requests do they allow for one purchase code in a day?

Unlimited. It’s more a matter of how fast you are sending requests. You would have to send several requests per second to possibly be rate limited, from what I have been told, but there are possibly other factors that are considered as well.

Cool. I replaced with above code but Now I’m getting 403

Following are set permissions

Make sure you replaced the $key variable with the correct (new) personal token. If you are sure the token is correct, wait a few minutes and try again. The API is heavily cached.

Response codes:

  • 404 means the purchase code was invalid, not real, or was not from one of your customers.
  • 403 means the personal token is incorrect or does not have the required permission(s).
  • 401 means the authorization header is missing. Verify that your code is correct.
  • 400 means a parameter or argument in the request was invalid.
  • 200 means everything was okay and the purchase code is valid!

Created new token. It works now.

Thanks for your help :slight_smile:

1 Like