License Validation API

Oh, I forgot to mention that I added a "license token" (different from the validation token) that uniquely identifies a license across validation tokens. So a dev could store that rather than the validation token and simply check that subsequent calls match that (if they desire to attach things to a particular license).
Does the token change when the license changes the owner?
 
Super sexy... Already incorporated it into our secondhand license sales section of our site...

To view this content we will need your consent to set third party cookies.
For more detailed information, see our cookies page.

License Validation Token only appears when you choose the "Selling XenForo" prefix... validation happens in realtime and will block any listing from being posted that isn't both valid and eligible for transfer.

Also does some other things like prevent someone from listing the same license more than once.

BTW - I already reset my validation token since making that video just now. :)
 
Super sexy... Already incorporated it into our secondhand license sales section of our site...

To view this content we will need your consent to set third party cookies.
For more detailed information, see our cookies page.

License Validation Token only appears when you choose the "Selling XenForo" prefix... validation happens in realtime and will block any listing from being posted that isn't both valid and eligible for transfer.

Also does some other things like prevent someone from listing the same license more than once.

BTW - I already reset my validation token since making that video just now. :)
I notice you don't ask for the domain
 
I notice you don't ask for the domain
Nope... don't really care about the domain to be honest. They are selling the license, so I'd assume the domain is going to change after the sale anyway.

I really just care if the license is valid/transferrable. I don't care what domain they are currently using it on (if any).
 
I've written a little class that performs validation and allows for the best practice approach. It should be easy to integrate in to whatever people are using (either XenForo itself or just a standalone checker). The code is here:

https://gist.github.com/sheepcow/5377877

I've not tested it with a real token (I'm an associated person rather than a license holder) but it's simple enough to understand/edit.

There are some examples at the top of the file for how to use it.

Edit: I probably should have said it's for developers more than end-users as it requires integration in to your application, on it's own it's useless.
 
I don't think you're actually checking that there's a domain match in the JSON response there, if a domain is passed in. (The data is still returned based on the token only, more data is returned with a domain as well.)
 
I don't think you're actually checking that there's a domain match in the JSON response there, if a domain is passed in. (The data is still returned based on the token only, more data is returned with a domain as well.)


And that's why testing is important :). I've updated it to check the domain_match result.
 
That's probably because you have whatever code set to follow redirects and we redirect www to no-www. You may want to turn off follow redirects.
 
I was actually using XenForo_Http_Helper::getClient() without changing anything else. But that actually makes sense... I wasted like two hours rewriting my code to get it to work. Felt like an idiot. lol
 
Excellent TY Mike :) Awesome to see a high end company really assisting 3rd parties. Cheers this is perfect for our up coming offerings.
 
Is it possible to access the API with jQuery? Seems like I'm getting an error every time I try, but maybe I got some error in my code.
Code:
$(document).ready(function() { 
    $(\'#start_form\').ajaxForm(function() {
        var postData = {
                token:$(\'#API_KEY\').val(),
                domain:$(\'#Domain\').val()
        };
       
        $.post( "http://xenforo.com/api/license-lookup.json", postData, function( data ) {
                alert(data);
        }, "json");
    }); 
});

The form below is just a basic form including two fields, one for the token, one for the domain and the submit button, which triggers the function above. However, when submitting the code and triggering the event, I get the following error in my console:
Code:
MLHttpRequest cannot load http://xenforo.com/api/license-lookup.json. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:1337' is therefore not allowed access.

As seen in the error, I'm trying to access the API trigger from my local XAMPP installation.
 
However it is not working when calling it via jQuery, but a workaround would be to call a php file at the server you're requesting the validation from and there within do the real validation request and just hand the result back to jQuery.
 
It's not the browser, jQuery will add the Origin header, the XenForo server needs to return a valid
Access-Control-Allow-Origin header in the response, that's up to XenForo to decide ;)
Yep, XenForo could allow it if they want, but would be a bad idea in my opinion.
 
Top Bottom