License Validation API

Mike

Mike

XenForo developer
Staff member
As many add-on developers (and people looking at buying second hand licenses) have requested a way to validate a license, here you go:

http://xenforo.com/api/

A customer can generate a token via the customer area for each license. You can then use that token to validate information about the license. You can also confirm if it's attached to a particular domain if you know what to lookup (without us actually giving you the full URL that it's attached to).

It can be accessed via JSON as well as the web interface. Note that there are limits to the number of times it can be hit per day.

All the details are discussed on that page.

(The link to that page is on the footer of every page, BTW.)
 
Mike said:
As many add-on developers (and people looking at buying second hand licenses) have requested a way to validate a license, here you go:

http://xenforo.com/api/

A customer can generate a token via the customer area for each license. You can then use that token to validate information about the license. You can also confirm if it's attached to a particular domain if you know what to lookup (without us actually giving you the full URL that it's attached to).

It can be accessed via JSON as well as the web interface. Note that there are limits to the number of times it can be hit per day.

All the details are discussed on that page.

(The link to that page is on the footer of every page, BTW.)
Click to expand...

Fantastic!

One question: How are domains matched?

If a license has "domain.com", will "www.domain.com" match? And "subdomain.domain.com" too?
 
A license can only be linked to one domain in the customer area - that is the one which should be given out.
 
To answer a PC about this, simply entering a domain name to check for a valid license will generate an error. This is intended. You need the token to match the domain to get a result.
 
Is there any reason the validation token should be kept private/non-public? If for example, people wanted to include them in their sig or profile page would that cause an issue?
 
RobParker said:
Is there any reason the validation token should be kept private/non-public? If for example, people wanted to include them in their sig or profile page would that cause an issue?
Click to expand...
It could give people the opportunity to take your token and offer it as their own - giving a false positive.
 
Azhria Lilu said:
It could give people the opportunity to take your token and offer it as their own - giving a false positive.
Click to expand...

Yes but you need to give it out to whoever you want to prove that you have a license to, right? Does this only work if you trust the addon developers to keep them secure/private?
 
RobParker said:
Yes but you need to give it out to whoever you want to prove that you have a license to, right? Does this only work if you trust the addon developers to keep them secure/private?
Click to expand...
You can give it out and then generate a new one after each check, rendering the previous one invalid.
 
MattW said:
But they still need to enter the URL of the site associated with the token.
Click to expand...
Have you tried it? You only need the token to validate someone has a licence and it's transferrable... having the domain url is just a secondary check.
 
Put it this way, if anyone here displays their current token, it wouldn't be hard to work out which domain it is linked to, making it worthless.

So unless you want others to be able to use your token to gain false validation, the best advice is to only give it out when asked and generate a new one each time.
 
Brogan said:
You can give it out and then generate a new one after each check, rendering the previous one invalid.
Click to expand...

Wouldn't making it a one-time thing by default be much more secure? Or at least advising on the page that you recommend regenerating it after it's been used?
 
You must log in or register to reply here.

Similar threads

Sim
License and subscription validation API specifications
Replies
1
Views
318
Paul B
P
DouglasTeles
Using Xenforo Validation API
Replies
5
Views
1K
DouglasTeles
DouglasTeles
S
  • Locked
XenForo License Validation API: get active/inactive license status
Replies
7
Views
524
Chris D
Chris D
F
License validation API
Replies
8
Views
939
Snog
Snog
J
XF 1 Custom Addon Needed - Mailgun Email Validation API Addon
Replies
1
Views
633
ForumCube
ForumCube
Back
Top Bottom