Get data from Woocommerce via server api
-
But there is a "maximum instance" setting for defining max. activations. In this case, the machine ID will be needed of course.
If the user buys a product, and then a week later comes back to buy the same product again, will they get a new license or will it increase the max activations on their existing license?
-
@d-healey said in Get data from Woocommerce via server api:
But there is a "maximum instance" setting for defining max. activations. In this case, the machine ID will be needed of course.
If the user buys a product, and then a week later comes back to buy the same product again, will they get a new license or will it increase the max activations on their existing license?
New license key will be assigned.
-
For your information guys,
Woocmmerce License Manager API v3 has been released, Thanks Firas (developer of this plugin) for the patience about my nonstop shameless requests :)
With all of the new API endpoints and JWT Authorization features, I can definately say that this plugin is one of the greatest and secure "in the box" solutions for Woocommerce License management that you can find!
- JWT Authentication (no api keys needed to embed in your software),
- Activate / Deactivate License with Machine ID (max. activation number can be assigned)
- Get Purchased Products, Get Product Meta Data (no need to dig into complex shitty Woocommerce REST API anymore)
- Register License that sold by resellers
- And other ton's of features
Plugin: https://codecanyon.net/item/woocommerce-license-manager/16636748?ref=firassaidi
API documentation: https://firassaidi.com/docs/documentation-woocommerce-license-manager/api-version-3/get-license-details/
-
@orange Thanks, this looks great.
-
May I ask in all respect why bother with this stuff at all when it can get stripped away easily by any script kiddy looking to get props from the scene release community?
It just seems like a lot of work for something that’s not secure at all.
No offense, just want to know if I missed something.
-
@clumsybear It can't be stripped away easily, this isn't like a Kontakt library, however as with all software it is certainly crackable.
Second, if you link software to your server then the client app is only half of the equation. If you remove the authorization from the client app then the server will refuse to talk with it. That means no downloads/support/updates for the end user.
-
Got you. Does this also mean that the user needs to be connected to the web constantly to be able to use your product, or is it a one time thing?
I'm aware that this is not like a Kontakt library. Anyways, I doubt that it is secure in the sense that your product can't be used without communicating to your server. JUCE products without ilok protection have a history of getting cracked within a couple of hours after release.
I get the update and support situation. imo this is the only way to really secure your software.
Of course I'm open to change my mind about that, time will tell.
Wish you good luck and all the best with it :) -
@clumsybear said in Get data from Woocommerce via server api:
May I ask in all respect why bother with this stuff at all when it can get stripped away easily by any script kiddy looking to get props from the scene release community?
It just seems like a lot of work for something that’s not secure at all.
No offense, just want to know if I missed something.
Of course in computer world almost everything is crackable. Even iLok was cracked. But for this case, just thinking "the crackablity" will be a very shallow thought. Plus to David,
-
If you have resellers who are selling your software from their website, you need to pick and bring the customers into your database. So you can easily upsell other products (because it's much more easier to sell a product to a previous customer), give rewards to them or apply any other marketing strategies.
-
Offline authorization can look "outdated" for lot's of customers. And being "outdated" is a bad image for a software company, especially in music software.
-
Some customers will want to sell the license to other people, for this case you need to arrange the license management well. Online authorization is the one and only choice for this. Otherwise you don't know if your software was sold how many people after just one purchase. Even some audio plugin companies are charging for license transfer fee.
I hope that makes sense.
-
-
@clumsybear said in Get data from Woocommerce via server api:
Got you. Does this also mean that the user needs to be connected to the web constantly to be able to use your product, or is it a one time thing?
That's up to you. My intention is that the user doesn't need to be connected at all to use it, only initially to activate their license and when they want to check for updates.
-
@clumsybear said in Get data from Woocommerce via server api:
JUCE products without ilok protection have a history of getting cracked within a couple of hours after release.
Depends on the company size and (a bit of) luck, but that's definitely not my experience. As long as your software needs to be reverse engineered using a reverse debugger, chances are huge that you fly under the radar of the people with the ability to do so.
-
@Christoph-Hart well concerning luck, I guess it has to do with demand, I guess if nobody cares about the software there is no point in cracking it, right?
are you referring to auddict products concerning your experience with this stuff? what copy protection scheme do Hexeract and PercX use?
Is there any audio software that does not need to use a reverse debugger to be cracked, of course if they are protected that is?
-
Both products use the native (C++) copy protection of HISE which offers more or less the same security as a properly implemented copy protection system with HiseScript and server calls.
-
Is there a way to call a REST API function from within PHP without making an internal REST request? For example in my custom end point I want to call the license manager plugin's
get_current_user_licenses
function. -
I'm just getting my feet wet with Server calls to Woocommerce. Using JWT for secure authentication.
Apparently, WC API blocks requests from anyone who isn't an Admin to help secure webstore sensitive data. This is slightly annoying because a customer should be able to have access to their own account (products and downloads) once they are authenticated.
I found a function posted on JWT github that filters users and gives them read-only access to their own data, but I'm unsure where to implement the code.
https://github.com/conversionxl/customer-service-dashboard/issues/3/** * Add custom permissions to the WooCommerce REST API. */ function filter_woocommerce_rest_check_permissions($permission, $context, $object_id, $post_type) { $user = wp_get_current_user(); $roles = (array) $user->roles; // Allow the customer service role. if (in_array("customer_service", $roles)) { // Only allow read. if ($context === "read") { return true; } } return $permission; }; add_filter('woocommerce_rest_check_permissions', 'filter_woocommerce_rest_check_permissions', 10, 4);
Any wordpress / woo gurus around with some insight?
-
@dustbro not a guru, but I think this goes into your theme's function.php
-
@dustbro I think you can use this code with a Code Snippet Wordpress plugin. So even if you update your wordpress theme, this function will be executed.
But if you use Woocommerce License Manager plugin, you won't need these Woocommerce REST API calls. Why do you need to use it?
-
@orange I'm making a downloader and the Woocommerce License Manager plugin doesn't contain customer_id or download_url.
Those are only accessible via /wp-json/wc/v3/customers/<id> -
@dustbro I avoided the REST API entirely and created a custom wordpress plugin, this gives complete flexibility to pull from Wordpress, WooCommerce, and the license manager plugin I'm using (different one to Orange). The one you guys are using is great if you can access everything through REST but if you need more control you have to look elsewhere because it lacks an internal API.
-
@d-healey said in Get data from Woocommerce via server api:
created a custom wordpress plugin
That's my next step if this simple filter function doesn't work.
-
@dustbro It's really quite easy. The wordpress docs and YouTube will get you up and running pretty quickly. PHP is a little different from JS but if you know a function in JS that you want to use you can search for an equivalent PHP function and there usually is one.