Get data from Woocommerce via server api
-
@ustk said in Get data from Woocommerce via server api:
download it instead of making it in locally
Why? That just seems like it will put more strain on your server.
-
@d-healey Yeah I see that issue, but I'm trying to figure out a better protection system. I know creating the license not on the computer is a part of the solution because this is what some are doing. Although I'm aware I might not be skilled enough to get it to work as efficiently :) Just exploring for now...
-
@ustk said in Get data from Woocommerce via server api:
this is what some are doing
Everyone gets cracked, don't follow the herd, try something different.
As far as doing things on the server vs doing things locally it probably doesn't make any difference. At some point your app is going to have an if statement that checks if the license is valid. This is the weak link that cannot be avoided.
-
@d-healey Yeah I know that but some people are not cracked and this is where they advise beginning... because at least you "only" have to obfuscate the license reading process, not the creation process. But obfuscation is very tricky and hard. This is a long road, but the if statement can be hard to find if done properly... I've just learnt it can, not how though...
-
My goal would be to create the license file onto the server and download it instead of making it in locally.
Use this PHP snippet a random guy posted on the JUCE forum:
https://forum.juce.com/t/create-tracktion-marketplace-key-file-via-php/13816/6
Then use the new ScriptUnlocker class in the plugin. This gives you the most robust copy protection system before going iLok (lol) with system identification and randomly distributed copy protection checks across the entire codebase - we've been using this system with PercX and Hexeract and it works great (except for that major Windows updates will mess up the machine ID so you will need to address that issue in some way that matches your security guidelines).
I know creating the license not on the computer is a part of the solution
Yes that is true. If you create the license on the server, you can use a private key for the creation that is not part of the plugin so unless a cracker replaces the embedded public key in your plugin with a rogue one and duplicates the server logic to create fake licenses you're safe (and that's a rather complicated procedure).
-
@dustbro said in Get data from Woocommerce via server api:
@orange I'm making a downloader and the Woocommerce License Manager plugin doesn't contain customer_id or download_url.
Those are only accessible via /wp-json/wc/v3/customers/<id>Will it download only? Or installer at the same time? I think only downloading the installer files might be confusing for the user because when the download is done, he might think the installation is done. So that means more support tickets :)
@d-healey said in Get data from Woocommerce via server api:
@dustbro I avoided the REST API entirely and created a custom wordpress plugin, this gives complete flexibility to pull from Wordpress, WooCommerce, and the license manager plugin I'm using (different one to Orange). The one you guys are using is great if you can access everything through REST but if you need more control you have to look elsewhere because it lacks an internal API.
I agree with David for not using the native Woocommerce REST API because of the security issues. But for building a custom WordPress plugin, I think it is not necessary.
Just thinking, what if we make a .JSON file that has all of the download links, product images, product versions...etc. And GET it? Will it be a security hole? So in this way, you won't need Woocommerce REST API calls, and also customer_id too.
-
@christoph-hart Oh great! I remember you mentioned the ScriptUnlocker already, I have to dig this...
Yeah, public/private key is, well, the key to success :) -
@orange said in Get data from Woocommerce via server api:
what if we make a .JSON file
I'm trying to avoid manual file creation cause I'm lazy :beaming_face_with_smiling_eyes:
I have a prototype that works with my Admin account that populates a panel with available downloads for each product. -
@orange said in Get data from Woocommerce via server api:
Just thinking, what if we make a .JSON file that has all of the download links, product images, product versions...etc
But if you want to customise any of that data or perform server side operations on it the REST API can't help you. This was my main problem with using REST and why I went with a custom plugin.
-
@orange @d-healey Would you guys be able to help me with a PHP example involving jwt?
I'm not well versed in PHP so I've been going over the tutorial at https://www.w3schools.com/php/ all day. I'm successfully using HISE to communicate with woo license manager endpoints like @orange so hopefully it's helpful that I'm not starting from the ground up.Using postman.co, I can POST to my wordpress JWT endpoint (/wp-json/jwt-auth/v1/token) and get a response:
{ "token": "xxxxxAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.xxxxxxodHRwczpcL1wvd29yZHByZXNzLmtvcm5lZmYuY28iLCJpYXQiOjE2NTEwMDI5NjIsIm5iZiI6MTY1MTAwMjk2MiwiZXhwIjoxNjUxNjA3NzYyLCJkYXRhIjp7InVzZXIiOnsiaWQiOiIxIn19fQ.xxxxxxPb9vASKhLm5Vgp0zxS2acm-JgM9aJOvDf0Q", "user_email": "xxxxxxxxxxx@xxxxx.xx", "user_nicename": "dankorneff", "user_display_name": "dankorneff" }
What is the proper way to make a POST call in PHP and store/use this token in the http header?
-
@dustbro
What is the proper way to make a POST call in PHP
You don't. The call is made from the client (HISE in our case) and is processed by the server.
If you're making the call from HISE you need to use
Server.setHttpHeader(["Authorization: Bearer " + token]);
before you make the call. Then you use eitherServer.callWithGET()
orServer.callWithPOST()
as needed; -
@dustbro said in Get data from Woocommerce via server api:
What is the proper way to make a POST call in PHP and store/use this token in the http header?
I haven't done this in PHP yet. Why do you need that?
-
@orange @d-healey I don't think I explained myself very well. :)
I'm designing a user dashboard on my wordpress website (completely independent from HISE) that will display products, license info, downloads, etc.
So basically pulling info from:/wp-json/wclm/v3/get-current-user-licenses/ /wp-json/wclm/v3/activate/ /wp-json/wclm/v3/deactivate/ /wp-json/wc/v3/customers/ /wp-json/wp/v2/users/
And displaying it in a useful way.
-
@dustbro If you are accessing data on your own server you need to access that data directly or through an API, there shouldn't be a need to make POST/GET requests within your own server.
I'm designing a user dashboard on my wordpress website (completely independent from HISE) that will display products, license info, downloads, etc.
Doesn't WooCommerce give you all this already?
-
you need to access that data directly or through an API, there shouldn't be a need to make POST/GET requests within your own server.
From what I'm reading, I need to use the API to access my license manager database, and the API can only communicate thru HTTP requests... and JWT authentication is required to access the endpoints. so I'm back to square one.
Doesn't WooCommerce give you all this already?
The standard user area in woocommerce leaves a lot to be desired. License codes are practically hidden in the order details page, then the customer has to go to a separate page to find their download link.
-
The standard user area in woocommerce leaves a lot to be desired. License codes are practically hidden in the order details page, then the customer has to go to a separate page to find their download link.
@dustbro There are plugins for this. We use https://yithemes.com/themes/plugins/yith-woocommerce-customize-myaccount-page/
Also, this plugin should automatically add a section to the My Account area for licenses: https://www.licensemanager.at/
You don't need any JWT authentication, and at most you'll just need a few Read/Write calls from that license manager plugin. I've already looked at literally all the options and plugins available for license management via Woocommerce, and that's the best option by a mile.
-
@Casey-Kolb @dustbro @d-healey @orange Noob alert but where should I begin to make a license delivery system in woo please?
-
-
@dustbro
The standard user area in woocommerce leaves a lot to be desired. License codes are practically hidden in the order details page, then the customer has to go to a separate page to find their download link.
Yes, the standard Woocommerce account page is boring, but as @Casey-Kolb suggested, you can go with a plugin to customize the layout.
Also if the user login to their account successfully directly on the website, you won't need JWT authentication. But if you want to make a separate website for the account page & licenses particularly, then you'll need that JWT auth to use the APIs. In this case, I will suggest going with a PHP developer on Upwork or Fiverr.
-
@d-healey said in Get data from Woocommerce via server api:
I avoided the REST API entirely and created a custom wordpress plugin, this gives complete flexibility to pull from Wordpress, WooCommerce, and the license manager plugin I'm using (different one to Orange).
I think I need to do the same. Any chance you can give some insight on creating a plugin that will give me access to the woocommerce customer download links?