Codelone Codelone
Favourites
Account
0

How to verify a purchase code using the Envato API

18 Sep 202444
0
How to verify a purchase code using the Envato APIHow to verify a purchase code using the Envato API

How to Create and Protect Your Envato Personal Token

Step 1: Create Your Personal Token

To check purchase codes, you’ll need to create a “personal token.” This token works like a password but is only for API access and gives limited permissions to your account.

  1. Go to Envato’s Token Creation Page. If you aren’t signed in, you’ll be asked to log in.

  2. When creating your token, you need to select the following permissions:

    • View and search Envato sites (this is selected by default)
    • View the user’s items’ sales history

  3. After your token is created, copy and save it in a secure place. Envato will not show it again, so make sure to store it safely.

Step 2: Protecting Your Token

Your personal token is important and gives limited access to your account. It’s essential to keep it secure.

  • Don’t hardcode the token into your items or files that others can access.
  • Don’t share the token with anyone outside your trusted team.
  • If you think your token has been shared or exposed, delete it immediately from Envato’s token management page and create a new one.

Sending Requests to Envato API for Purchase Code Verification

When working with the Envato API, there are a few important things to keep in mind. Carefully follow the steps below to avoid common mistakes, especially the warnings marked with caution signs.

Step 1: Validate User Input

Before sending a purchase code to the API, you should validate the input. Purchase codes follow the UUID v4 format, and you can use a regular expression to ensure the code is correct before making a request. This helps avoid unnecessary errors that can break your code.

Use this regular expression to validate purchase codes:

/^([a-f0-9]{8})-(([a-f0-9]{4})-){3}([a-f0-9]{12})$/i

 

Step 2: Send the Purchase Code Using Postman (Example)

To send a purchase code validation request to the Envato API using Postman, follow these steps:

 

1. Open Postman and Create a New Request

    • Click the “+” button in Postman to open a new tab for a request.
    • Set the method to GET.

2. Set the Request URL

In the URL field, enter the following API endpoint (replace PURCHASE_CODE_HERE with the actual purchase code you want to verify):

https://api.envato.com/v3/market/author/sale?code=PURCHASE_CODE_HERE

For example, if your purchase code is 123e4567-e89b-12d3-a456-426614174002, the URL would look like this:

https://api.envato.com/v3/market/author/sale?code=123e4567-e89b-12d3-a456-426614174002

 

3. Set Up Headers

    • Click on the Headers tab in Postman.
    • Add the following key-value pairs to your headers:
Key Value
Authorization Bearer YOUR_PERSONAL_TOKEN_HERE
User-Agent Purchase code verification (or any description of your application)

 

For example, if your personal token is s6IscWrJL3NsBnqvUy6Q3XiImvcZlwkn, your headers would look like this:

 

Key Value
Authorization Bearer s6IscWrJL3NsBnqvUy6Q3XiImvcZlwkn
User-Agent Purchase code verification

 

4. Send the Request

    • After setting up the URL and headers, click the Send button in Postman to send the request.

 

Example Response for Valid Purchase Code

If the purchase code is valid and belongs to one of your buyers, Postman will return a JSON response like this:

 

Invalid Purchase Codes:

404 Error: If the purchase code looks right but doesn’t match any of the buyer's purchases, you'll see this error: “No sale belonging to the current user found with that code.”
403 Error: If the code is typed wrong or has extra spaces, you’ll get a 403 error.
Banned Accounts:

If the buyer’s account is banned, their purchase codes will also give a 404 error, meaning they can’t be validated.
 
Refunded Purchases:

If a purchase is refunded, the code will return a 404 error, just like with banned accounts.
 
Status Codes:

200: The code is valid.
404: The code can’t be found or doesn’t belong to your items.
403: There’s a problem with your token or the code format or missing permission.
401: The authorization info is missing  or not in the correct format.
 

 Test API Purchase Code Example Code

<?php
// Get the purchase code from the query string
$code = isset($_GET['code']) ? $_GET['code'] : '';
// Define regular expression pattern for validation
$pattern = "/^([a-f0-9]{8})-(([a-f0-9]{4})-){3}([a-f0-9]{12})$/i";
// Trim any extra spaces
$trimmedCode = trim($code);
// Validate the format of the purchase code
if (!preg_match($pattern, $trimmedCode)) {
    if (preg_match("/\s+/", $code)) {
        // Handle whitespace issues
        http_response_code(403);
        echo json_encode([
            "error" => 403,
            "message" => "Invalid code format with leading or trailing whitespace"
        ]);
    } else {
        // Handle format error
        http_response_code(403);
        echo json_encode([
            "error" => 403,
            "message" => "Code format is incorrect (error code: 1020)"
        ]);
    }
    die;
}
// Handle valid purchase codes
if ($trimmedCode === "86781236-23d0-4b3c-7dfa-c1c147e0dece") {
    header('Content-Type: application/json; charset=utf-8');
    echo json_encode([
        "status" => "success",
        "amount" => "19.84",
        "sold_at" => "2016-09-07T10:54:28+10:00",
        "license" => "Regular License",
        "support_amount" => "0.00",
        "supported_until" => "2017-03-09T01:54:28+11:00",
        "item" => [
            "id" => 17022701,
            "name" => "SEO Studio - Professional Tools for SEO",
            "author_username" => "baileyherbert",
            "updated_at" => "2017-11-02T15:57:41+11:00",
            "site" => "codecanyon.net",
            "price_cents" => 2000,
            "published_at" => "2016-07-13T19:07:03+10:00"
        ],
        "buyer" => "test",
        "purchase_count" => 1
    ]);
}
// Handle invalid purchase codes
else {
    http_response_code(404);
    echo json_encode([
        "status" => "error",
        "error_code" => 404,
        "description" => "No sale found for the provided code."
    ]);
}

Testing Cases

Test Case Request URL Expected Response
Valid Code 
http://localhost/api.php?code=86781236-23d0-4b3c-7dfa-c1c147e0dece
 JSON with sale information.
Invalid Code 
http://localhost/api.php?code=94252c00-df24-4cf5-99dd-49fc17e23043
 JSON with a 404 error message.
Improper Code 
http://localhost/api.php?code=02b6429f-9274-9a70-03ce49bc5a48
 JSON with a 403 error message.
Code with Leading Whitespace 
http://localhost/api.php?code= 86781236-23d0-4b3c-7dfa-c1c147e0dece
 JSON with a 403 error message for whitespace.
Code with Trailing Whitespace 
http://localhost/api.php?code=86781236-23d0-4b3c-7dfa-c1c147e0dece
 JSON with a 403 error message for whitespace.
Share post
You must be logged in to post a comment
Top