• Resolved YeKen

    (@aliakro)


    Hi,

    Me again, can I ask a couple of questions? I’ve set up Postman and an API key and am posting data to:

    https://{my-url}/lmfwc/v1/licenses?

    Yet I keep getting a 404? Do I need to do something to turn the API endpoints on?

    I also need to ship my plugin with an API key (consumer key / secret) with READ only permissions. Is this safe in your opinion? I need the plugin to validate a license.

    Cheers,

    Ali

Viewing 12 replies - 1 through 12 (of 12 total)
  • Hello @aliakro,

    What does your base URL look like? The full URL should be something like:

    https://www.example.com/wp-json/lmfwc/v1/licenses?consumer_key=CONSUMER_KEY&consumer_secret=CONSUMER_SECRET

    I think it is safe enough if you give it READ only permissions. Will you also activate license keys with your plugin?

    Thread Starter YeKen

    (@aliakro)

    Ah! I’m an idiot! Sorry… forgot wp-json!

    Plan is for WooCommerce to take payment, generate the key and then the user can add it into the license section of the plugin. It will then call out to your plugin to ensure it is valid and if so, activate it.

    Thread Starter YeKen

    (@aliakro)

    Might be worth adding the wp-json in the documentation?

    {{host}}/wp-json/lmfwc/v1/licenses?

    Thread Starter YeKen

    (@aliakro)

    Thinking about it, I might need to write something to wrap around your API… with an API key I can get all licenses etc

    Yes, definitely! I think my host variable included the wp-json. I will fix this.

    But if the plugin performs the check from inside itself, people can just edit the part where it calls to the plugin API and return a valid response.

    Or am I understanding this wrong?

    Thread Starter YeKen

    (@aliakro)

    Yeah, it’s not the most secure… mmm maybe I should move to having a downloadable product…

    Thread Starter YeKen

    (@aliakro)

    Would you consider adding scopes to API calls? For example, an API key could be set to only be allowed to activate?

    Yes, I was just considering the same thing. I’ll definitely look into this, good thinking!

    Thread Starter YeKen

    (@aliakro)

    Ah perfect… I might need to rethink how to implement this for now

    Cheers,

    Ali

    Thread Starter YeKen

    (@aliakro)

    Thanks

    @aliakro,

    is everything working as expected? Do you need further assistance?

    Thread Starter YeKen

    (@aliakro)

    I think for now, I’m going to avoid the API activate / deactivate etc until I can control which endpoints are accessible. I was thinking of writing nginx rules to block certain URLs or hook in and use WP to deregister endpoints.

    Then I decided the simplest way would be to write a small plugin, that I can ideally wrap around your plugin. This plugin would then filter your generator with my own, so I could then reduce the work required in my plugins (as my license would work out the box).

  • The topic ‘API Questions’ is closed to new replies.
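
The wrapper idea raised in the thread, as an added example that is not from the thread or from the License Manager plugin: a small plugin on the store site keeps the consumer key and secret server-side and exposes one route that answers yes or no for a single key, so the distributed plugin ships no credentials. The `myshop` names, the `MYSHOP_LMFWC_*` constants, the key-format pattern, the single-license route `/lmfwc/v1/licenses/{license_key}` and the reading of HTTP 200 as "key recognised" are assumptions.

```php
<?php
/**
 * Plugin Name: License Check Proxy (added example)
 * Runs on the store site. All "myshop" / "MYSHOP_" names are hypothetical.
 */

// Assumption: both constants live in wp-config.php on the store, never in shipped code.
// define('MYSHOP_LMFWC_KEY', 'ck_...'); define('MYSHOP_LMFWC_SECRET', 'cs_...');

add_action('rest_api_init', function () {
    register_rest_route('myshop/v1', '/license-check', array(
        'methods'             => 'POST',
        'permission_callback' => '__return_true', // public on purpose: one yes/no answer
        'callback'            => 'myshop_license_check',
        'args'                => array(
            'license_key' => array(
                'required'          => true,
                'validate_callback' => function ($value) {
                    // Assumed key format; reject anything else before it reaches the upstream URL.
                    return is_string($value) && preg_match('/^[A-Za-z0-9-]{8,64}$/', $value) === 1;
                },
            ),
        ),
    ));
});

function myshop_license_check(WP_REST_Request $request) {
    // Throttle per client address so the route cannot be used to guess keys at speed.
    $bucket = 'myshop_lc_' . md5($_SERVER['REMOTE_ADDR'] ?? 'unknown');
    $hits   = (int) get_transient($bucket);
    if ($hits >= 10) {
        return new WP_Error('rate_limited', 'Too many requests', array('status' => 429));
    }
    set_transient($bucket, $hits + 1, MINUTE_IN_SECONDS);

    // Assumption: the single-license route is /lmfwc/v1/licenses/{license_key}.
    $url = add_query_arg(
        array('consumer_key' => MYSHOP_LMFWC_KEY, 'consumer_secret' => MYSHOP_LMFWC_SECRET),
        rest_url('lmfwc/v1/licenses/' . rawurlencode($request['license_key']))
    );
    $response = wp_remote_get($url, array('timeout' => 5));

    // Assumption: HTTP 200 means the upstream recognised the key.
    // Only one boolean is returned; the upstream response body never leaves the server.
    $valid = !is_wp_error($response) && wp_remote_retrieve_response_code($response) === 200;
    return new WP_REST_Response(array('valid' => $valid), 200);
}
```

This removes the credential from the distributed code; it does not stop someone from editing the client-side check, which is the separate problem pointed out in the replies.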