verify a purchase code using the new Envato API

Hi everyone

i have problem when envato change the api i was have connected my plugin with envato api to check purchase code to active the plugin and this my old code:

function verify_envato_purchase_code($code_to_verify) {
		
	// Your Username
	$username = 'xxxxxxx';
	
	// Set API Key	
	$api_key = 'xxxxxxxxxxxxxxxxxxxxxxxx';
	
	// Open cURL channel
	$ch = curl_init();
	 
	// Set cURL options
	curl_setopt($ch, CURLOPT_URL, "http://marketplace.envato.com/api/edge/". $username ."/". $api_key ."/verify-purchase:". $code_to_verify .".json");
	curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

	   //Set the user agent
	   $agent = 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)';
	   curl_setopt($ch, CURLOPT_USERAGENT, $agent);	 
	// Decode returned JSON
	$output = json_decode(curl_exec($ch), true);
	 
	// Close Channel
	curl_close($ch);
			
	// Return output
	return $output;
}

how i can change to new api to be work i try like this and don’t work also

function verify_envato_purchase_code($code_to_verify) {
		
	// Set API Key	
	$api_key = 'xxxxxxxxxxxxxxxxxxxxx';
	
	// Open cURL channel
	$ch = curl_init();
	   //Set the user agent
	$agent = 'Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)';

	// Set cURL options
    curl_setopt($ch, CURLOPT_URL, "https://api.envato.com/v3/market/author/sale?code=". $code_to_verify );
    curl_setopt($curlHandle, CURLOPT_HTTPHEADER, array(
        "Authorization: Bearer {$api_key}",
        "User-Agent: {$agent}"
    ));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);

	// Decode returned JSON
	$output = json_decode(curl_exec($ch), true);
	 
	// Close Channel
	curl_close($ch);
			
	// Return output
	return $output;
} 

please anyone can help
best regards

Hi @unicodes,

I really like your username. :grin:

Your new code is mostly correct, except you have a broken reference to an unknown variable $curlHandle here:

curl_setopt($curlHandle, CURLOPT_HTTPHEADER, array( "Authorization: Bearer {$api_key}", "User-Agent: {$agent}" ));

You assigned the handle to $ch so you should use that instead:

curl_setopt($ch, CURLOPT_HTTPHEADER, array( "Authorization: Bearer {$api_key}", "User-Agent: {$agent}" ));

Additionally, your old API keys won’t work anymore. Make sure to generate a personal token on the new build.envato.com with the correct permissions, and use that as your API key instead.

Let us know how it goes. :slight_smile:

1 Like

Hi @baileyherbert,

thank you so much for your fast replay i have change $curlHandle to $ch and i change to new token with same this permissions and still now work.

and i don’t know why :frowning:

I just tested the code on my side and it works, but I have an idea on what your issue might be. Your old code used HTTP so you wouldn’t have had this issue, but the new API uses HTTPS. By default, PHP is extremely bad at verifying the certificates used in HTTPS.

Let’s try changing your CURL options to the following:

curl_setopt($ch, CURLOPT_URL, "https://api.envato.com/v3/market/author/sale?code=". $code_to_verify );
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
    "Authorization: Bearer {$api_key}",
    "User-Agent: {$agent}"
));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);

I added the CURL_SSL_VERIFYPEER option on the last line to disable the certificate checks. If that is indeed the issue, then the code should start working immediately. Let me know if that works.


Important note – Setting CURLOPT_SSL_VERIFYPEER to false is insecure and makes your code vulnerable to man-in-the-middle attacks. The correct solution to this problem is to provide CURL with the path to a file containing one or more certificate authorities that can verify Envato’s certificate. See this tutorial for more details on how to accomplish that.

@baileyherbert thank you so much
but not work aslo :disappointed:

i used this function also to get request from my plugin from other websites

add_action( 'init' , 'license_code_verificationed');
function license_code_verificationed(){
	if(isset($_REQUEST['plugin_verification'])){
		$code_to_verify = $_REQUEST['code'];
		$status = $_REQUEST['status'];
		$domain = $_REQUEST['domain'];
		$args = array(
			'meta_key' => 'placeholder_name',
			'meta_value' => $code_to_verify,
			'post_type' => 'pluginsverification',
			'post_status' => 'publish',
			'posts_per_page' => -1
		);
		
		$posts = get_posts($args);
		
		if(!empty($posts)){
			if($status == 'active'){
				$return = 'already activated';
			} else {
				$post_id = $posts[0]->ID;
				wp_delete_post($post_id);
				$return = 'de-activated';
			}
		} else {
			$purchase_data = verify_envato_purchase_code($code_to_verify);
			if( isset($purchase_data['verify-purchase']['buyer']) ) {
				$add_to = array(
					'post_title'    => $domain,
					'post_status'   => 'publish',
					'post_type' => 'pluginsverification',
					'post_content' => '',
					'comment_status' => 'closed',   // if you prefer
					'ping_status' => 'closed',
				);
				
				$post_id = wp_insert_post( $add_to );
			
				update_post_meta($post_id, 'placeholder_name',$code_to_verify);
				update_post_meta($post_id, 'placeholder_value','active');
				
				update_post_meta($post_id, 'buyer',$purchase_data['verify-purchase']['buyer']);
				update_post_meta($post_id, 'item_name',$purchase_data['verify-purchase']['item_name']);
				update_post_meta($post_id, 'licence',$purchase_data['verify-purchase']['licence']);
				
				$return = 'active';
			} else {
				$return = 'not valid';
			}
		}
		echo json_encode(array("data" => $return));
		die;
	}
}

Just to clarify, are you putting this code inside your WordPress plugin, or on your own website?

1 Like

to clarify

i have plugin name is " wooaces " i sell it here in codecanyon.
and i have other plugin i created to mange the licence and for check if the user purchase the plugin or not and save this in my DB wooaces install in client side and other one in my side and all this code above in my side. and the request come from other website to me website

1 Like

Great, that’s perfect then. The new API returns data in a different format than the old one. I’ve gone ahead and rewritten your verify_envato_purchase_code function to work as it did before. Here you go:

function verify_envato_purchase_code($code_to_verify) {
    // Set API Key
    $api_key = 'xxxxxxxxxxxxxxxxxxxxxxxx';

    // Options
    $ch = curl_init("https://api.envato.com/v3/market/author/sale?code=" . $code_to_verify);
    curl_setopt($ch, CURLOPT_HTTPHEADER, array(
        "Authorization: Bearer {$api_key}",
        "User-Agent: Purchase code verification for Wooaces"
    ));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // this is insecure

    // Execute the request
    $response = @curl_exec($ch);
    $errno = curl_errno($ch);
    $error = curl_error($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);

    // Handle errors
    if ($errno > 0) {
        return array(
            'verify-purchase' => array(
                'error' => $error
            )
        );
    }

    // Handle not-ok status codes
    if ($status !== 200) {
        return array(
            'verify-purchase' => array(
                'error' => 'Error ' . $status
            )
        );
    }

    // Decode response
    $output = json_decode($response, true);

    // Calculate support
    $supported_until = strtotime($output['supported_until']);
    $supported = $supported_until > time();

    return array(
        'verify-purchase' => array(
            'buyer' => $output['buyer'],
            'item_name' => $output['item']['name'],
            'licence' => $output['license'],
            'purchase_count' => $output['purchase_count'],
            'sold_at' => $output['sold_at'],
            'supported_until' => $supported_until,
            'supported' => $supported
        )
    );
}

Give that a shot, and let’s see if it works. :slight_smile:

2 Likes

@baileyherbert you are amazing
it’s work again thank you so much for your time :slight_smile:

you are the best :+1:
have a nice day

1 Like