PHP Example

Please note these are examples. It is recommended that you make one that is more complex and adjustable to your needs.

In this example we will use 'cURL', a PHP dependency that makes our job easier for making requests and of great quality.

Before writing purposeless code, we will properly inform ourselves about the responses returned by the system.

  • INVALID_SECRET: This error is due to the lack of the required 'PUBLIC_SECRET' for validation.

  • INCORRECT_SECRET: We should already understand this — this error is due to a mismatch between the PUBLIC_SECRET and the secret sent to validate the key.

  • Disallowed method: Since validations only work with the POST method, any other attempt like GET will return 'disallowed method'.

  • Unsupported content type: Since each validation has a unique type for key verification, using a different one will return 'Unsupported content type'.

  • KEY_UNKNOWN: This error means the key does not exist in the database for validation. Without an existing key, validation will not work under any circumstance.

  • KEY_EXPIRED: This error is returned when the key passes the existence check, indicating that the key has already expired and cannot be used for validation, unless it is set to never expire or the expiration date is updated.

  • RESOURCE_UNKNOWN: If the key is required to have a resource and the requesting resource is named 'Blusters' but the key contains the resource 'Bluster', it will not pass for security due to the resource mismatch.

  • KEY_DISABLED: This can be applied by the clients themselves. This error means the license is offline and cannot be validated unless it is reactivated in the system either by an administrator or the client.

  • IP_LIMIT: The key has reached the IP limit per license.

  • HWID_LIMIT: The key has reached the HWID limit per license.

  • VERSION_INVALID: This means the resource has a different version. To disable version verification, do not complete the 'version' column or avoid marking the resource version as required.

Example of PHP code for validation:

<?php
$url = 'https://YOURSITE.COM/verify.php'; //The URL with /verify.php at the end for validation to your site.

$data = [
    'type' => 'validation',
    'key' => 'it5BBsXH-DW96-Lt48-lh0e-gzo9xtuKiW9N',
    'resource' => 'Bluster', //Here you should enter the name of your resource. Preferably, by obfuscating the codes, this will prevent it from being changed. However, for added security, we place the resource's obligation in the already inserted key.
    'client' => '', //Leave this empty if you don't want the user to enter their account's secret key for more secure validation.
    'custom_ip' => getClientIP(), //Leaving it empty will execute the verify.php action that brings the getClientIP.
    'custom_hwid' => getSerialNumber(), //Leaving it empty will place only 'na'.
    'version' => '1.2', //If you do not want to be forced to have the same version as the uploaded resource, do not complete it.
];
// You will need to have the cURL dependency to be able to test this example.
$jsonData = json_encode($data);

$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $jsonData);

curl_setopt($ch, CURLOPT_HTTPHEADER, [
    'Content-Type: application/json',
    'Authorization: Bearer SOFTWARE_PUBLIC_SECRET' // Always put the PUBLIC_SECRET here.
]);

$response = curl_exec($ch);

echo 'Result: <br />';
print_r($response);

curl_close($ch);

// We would get the name of the service 'VPS/Host' and this can be changed but if it is a host it is almost impossible. You have to check this carefully, because some host may block it and not allow you to obtain it.
function getSerialNumber() {
    $hostName = php_uname('n');
    $uniqueId = $hostName;
    return $uniqueId;
}

// This is more advisable for websites because it allows you to insert the IP addresses of users entering the site, rather than the VPS/Host, which is what we need to keep everything secure.
function virtualIPMachine() {
	$ip = gethostbyname(gethostname());
	return $ip;
}

// This will get the IP of the logged in user. If it is a JAVA plugin or something running on the computer, it mostly knows how to get the IP of the machine and not the user.
function getClientIP() {
    if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
        $ipList = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
        return trim($ipList[0]);
    } elseif (!empty($_SERVER['HTTP_CLIENT_IP'])) {
        return $_SERVER['HTTP_CLIENT_IP'];
    } else {
        return $_SERVER['REMOTE_ADDR'];
    }
}
?>

Response code:

  • 405: Disallowed method.

  • 415: Unsupported content type.

  • 401: Invalid Secret.

  • 402: Incorrect Secret.

Clearly, the example is intended to show you the results to check for any issues and such. If you need to perform validation, you'll have to do it yourself to better adapt it to your resource. The same goes for adding the custom or version.

PreviousAPI Integration

Last updated