Get data from Woocommerce via server api

orange

@Christoph-Hart said in Get data from Woocommerce via server api:

That's great news. I was thinking about building a generic example project that talks to a WooCommerce store and implements a proper copy protection system, but then I have no experience with Wordpress and plugins whatsoever so if anyone is interested in doing the stuff on this side, it will highly increase the probability of getting realised.

Yes if there would be an example, it would be great. About this, I haven't done anything yet too, except a couple of endpoint trials.

Also if I have time to implement something, I will definately let you know. If you need some wordpress JWT examples or a woocomemrce help, I can definately help with my limited knowledge.

orange

@d-healey said in Get data from Woocommerce via server api:

@orange Will it have a system for transferring licenses between users? Will it be possible for a user to increase the max activations by purchasing additional licenses?

I think license transfer between users is not possible right now.
But there is a "maximum instance" setting for defining max. activations. In this case, the machine ID will be needed of course.

orange

@DanH said in Get data from Woocommerce via server api:

@orange Don't suppose they mentioned how soon did they?! :D

I think it will be ready soon, really :)

d.healey

@orange

But there is a "maximum instance" setting for defining max. activations. In this case, the machine ID will be needed of course.

If the user buys a product, and then a week later comes back to buy the same product again, will they get a new license or will it increase the max activations on their existing license?

orange

@d-healey said in Get data from Woocommerce via server api:

@orange

But there is a "maximum instance" setting for defining max. activations. In this case, the machine ID will be needed of course.

If the user buys a product, and then a week later comes back to buy the same product again, will they get a new license or will it increase the max activations on their existing license?

New license key will be assigned.

orange

For your information guys,

Woocmmerce License Manager API v3 has been released, Thanks Firas (developer of this plugin) for the patience about my nonstop shameless requests :)

With all of the new API endpoints and JWT Authorization features, I can definately say that this plugin is one of the greatest and secure "in the box" solutions for Woocommerce License management that you can find!

• JWT Authentication (no api keys needed to embed in your software),
• Activate / Deactivate License with Machine ID (max. activation number can be assigned)
• Get Purchased Products, Get Product Meta Data (no need to dig into complex shitty Woocommerce REST API anymore)
• Register License that sold by resellers
• And other ton's of features

Plugin: https://codecanyon.net/item/woocommerce-license-manager/16636748?ref=firassaidi

API documentation: https://firassaidi.com/docs/documentation-woocommerce-license-manager/api-version-3/get-license-details/

d.healey

@orange Thanks, this looks great.

clumsybear

May I ask in all respect why bother with this stuff at all when it can get stripped away easily by any script kiddy looking to get props from the scene release community?

It just seems like a lot of work for something that’s not secure at all.

No offense, just want to know if I missed something.

d.healey

@clumsybear It can't be stripped away easily, this isn't like a Kontakt library, however as with all software it is certainly crackable.

Second, if you link software to your server then the client app is only half of the equation. If you remove the authorization from the client app then the server will refuse to talk with it. That means no downloads/support/updates for the end user.

clumsybear

Got you. Does this also mean that the user needs to be connected to the web constantly to be able to use your product, or is it a one time thing?

I'm aware that this is not like a Kontakt library. Anyways, I doubt that it is secure in the sense that your product can't be used without communicating to your server. JUCE products without ilok protection have a history of getting cracked within a couple of hours after release.

I get the update and support situation. imo this is the only way to really secure your software.

Of course I'm open to change my mind about that, time will tell.
Wish you good luck and all the best with it :)

orange

@clumsybear said in Get data from Woocommerce via server api:

May I ask in all respect why bother with this stuff at all when it can get stripped away easily by any script kiddy looking to get props from the scene release community?

It just seems like a lot of work for something that’s not secure at all.

No offense, just want to know if I missed something.

Of course in computer world almost everything is crackable. Even iLok was cracked. But for this case, just thinking "the crackablity" will be a very shallow thought. Plus to David,

• If you have resellers who are selling your software from their website, you need to pick and bring the customers into your database. So you can easily upsell other products (because it's much more easier to sell a product to a previous customer), give rewards to them or apply any other marketing strategies.

• Offline authorization can look "outdated" for lot's of customers. And being "outdated" is a bad image for a software company, especially in music software.

• Some customers will want to sell the license to other people, for this case you need to arrange the license management well. Online authorization is the one and only choice for this. Otherwise you don't know if your software was sold how many people after just one purchase. Even some audio plugin companies are charging for license transfer fee.

I hope that makes sense.

d.healey

@clumsybear said in Get data from Woocommerce via server api:

Got you. Does this also mean that the user needs to be connected to the web constantly to be able to use your product, or is it a one time thing?

That's up to you. My intention is that the user doesn't need to be connected at all to use it, only initially to activate their license and when they want to check for updates.

Christoph Hart

@clumsybear said in Get data from Woocommerce via server api:

JUCE products without ilok protection have a history of getting cracked within a couple of hours after release.

Depends on the company size and (a bit of) luck, but that's definitely not my experience. As long as your software needs to be reverse engineered using a reverse debugger, chances are huge that you fly under the radar of the people with the ability to do so.

clumsybear

@Christoph-Hart well concerning luck, I guess it has to do with demand, I guess if nobody cares about the software there is no point in cracking it, right?

are you referring to auddict products concerning your experience with this stuff? what copy protection scheme do Hexeract and PercX use?

Is there any audio software that does not need to use a reverse debugger to be cracked, of course if they are protected that is?

Christoph Hart

Both products use the native (C++) copy protection of HISE which offers more or less the same security as a properly implemented copy protection system with HiseScript and server calls.

d.healey

Is there a way to call a REST API function from within PHP without making an internal REST request? For example in my custom end point I want to call the license manager plugin's get_current_user_licenses function.

Dan Korneff

I'm just getting my feet wet with Server calls to Woocommerce. Using JWT for secure authentication.
Apparently, WC API blocks requests from anyone who isn't an Admin to help secure webstore sensitive data. This is slightly annoying because a customer should be able to have access to their own account (products and downloads) once they are authenticated.
I found a function posted on JWT github that filters users and gives them read-only access to their own data, but I'm unsure where to implement the code.
https://github.com/conversionxl/customer-service-dashboard/issues/3

/**
 * Add custom permissions to the WooCommerce REST API.
 */
function filter_woocommerce_rest_check_permissions($permission, $context, $object_id, $post_type)
{
    $user = wp_get_current_user();
    $roles = (array) $user->roles;

    // Allow the customer service role.
    if (in_array("customer_service", $roles)) {
        // Only allow read.
        if ($context === "read") {
            return true;
        }
    }

    return $permission;
};

add_filter('woocommerce_rest_check_permissions', 'filter_woocommerce_rest_check_permissions', 10, 4);

Any wordpress / woo gurus around with some insight?

Matt_SF

@dustbro not a guru, but I think this goes into your theme's function.php

orange

@dustbro I think you can use this code with a Code Snippet Wordpress plugin. So even if you update your wordpress theme, this function will be executed.

But if you use Woocommerce License Manager plugin, you won't need these Woocommerce REST API calls. Why do you need to use it?

Dan Korneff

@orange I'm making a downloader and the Woocommerce License Manager plugin doesn't contain customer_id or download_url.
Those are only accessible via /wp-json/wc/v3/customers/