I would be very interested if KF could include some sort of licensing interface within the API system. For example: - We sell a script for £xx on our site. User enters their KF username 'abc' into the order form - We notify KF via the API (from our site) that username 'abc' has access to run module 'xyz' - User installs script on their site, and puts their username in. This authenticates with the KF server. - Without this authentication, the script can't be used, and all SOAP requests fail. If something similar could be developed, then that would be very good! The big problem with creating a module is that anyone could buy it once, and then pass it onto their friends etc...
Hi Khalid, I'm not sure I follow the logic. Would it make more sense to have the script call back to your own servers to get permission to run? Although I can see how that could be circumvented. But unless your script uses bespoke functions in our API, then I can't see how the above could work.
I'll re-think the process, and reply at a later date. I would be happy for it to call back to our own servers, but as you say, this can be circumvented. Having a licensing facility would be very handy.
Unless I'm missing the mark here, what Jeewhizz is after is some way to stop more than one account using the same license to access a 3rd party tool that utilises the API. Thinking about this some more perhaps the requirement here is to incorporate a unique license key that the developer issues and that can be incorporated into the Kashflow account settings. ... however I would have thought that any 3rd party app using the API is going to have it's own licensing system and really won't be calling it through Kashflow direct unless you've agreed a customisation that's on the Kashflow site directly and in the configuration settings. More likely is that someone is going to have an account on the 3rd party app site and part of their key is their kashflow username or similar. On that basis it'd be easy enough for the 3rd party app' to just... Oh... Hold on a second.. I'm assuming a 3rd party app would be web based and thus easily controllable from a licensing point of view.. Whereas something like a standalone app installed on a users computer would be a different story. @ Jeewhizz: Am I getting it right that you want to be able to provide a license that the kashflow site then queries and applies to a specific account and then denies any other user accounts the ability to use the same license key with their accounts too? If so, that would definitely be a useful feature to include but it does put Kashflow in the position of enforcing your licensing and might blur the boundaries somewhat on responsibility, etc...
Yup. No license / wrong license = no show. I could put a license routine into the PHP code, but it's easy to circumvent if you know what you are doing. The other option is for us to encrypt every file, but this would then require each end user's host to have the decryption utilities, which isn't that likely
But this would still need bespoke functions on our API. If it's using the standard functions then the vast majority of calls would have no license code passed in, as it wouldn't be required. Unless I'm seriusly misunderstanding then I think the best option is for it to query your own API for authorisation. If your add-on is compiled then this would be fine,
But that's the issue. If companies are going to develop paid-for modules for common web applications, they can't be compiled. You can't compile PHP code. You can encrypt it, but it requires encryption libraries to be installed on the hosting server, which most shared hosts don't have. It's a bit of a catch-22 really. I only brought up the point, to open up some dialogue, to see if others felt the same