Bibliobazar License Manager (Dokan Compatible)
If you are a vendor selling digital products, plugins, apps, or APIs on our platform, this guide explains how to enable license-based API access, how licenses are generated, and how your customers can use them securely.
This system is powered by Bibliobazar License Manager and works seamlessly with Dokan multi-vendor marketplace.
🔑 What Is the License / API Key System?
The License Manager allows you to:
- Automatically generate unique API / license keys per order
- Control access to your product APIs
- Enable plugin or app validation
- Support auto-updates (optional)
- Prevent unauthorized usage and piracy
Each license is:
- Unique per purchase
- Linked to the customer
- Can be site-locked
- Securely validated using a signed API request
🛠 How Vendors Enable License Keys (Frontend)
When creating or editing a product in the Dokan vendor dashboard:
Step 1: Add or Edit Product
Go to:
Vendor Dashboard → Products → Add New / Edit
Step 2: Enable License Key
Scroll down to the License Settings section and:
✅ Check “Enable API / License Key for this product”
Step 3: Set Expiry (Optional)
- Enter License expiry (days)
- Use
0for lifetime license
💡 Example:
365→ 1 year license0→ lifetime license
Step 4: Publish Product
That’s it! 🎉
License keys will now be generated automatically on purchase.
📦 What Happens After Purchase?
When a customer buys your product:
- A unique license key is generated
- Quantity = number of license keys
- License is stored securely in the system
- Customer can use it for API access, plugin activation, or validation
You do not need to manually generate or send keys.
🔌 How Customers Use the API License
Your customers will typically use the license key in their app, plugin, or system.
License Validation Endpoint
POST /wp-json/bbz-lic/v1/validate
Required Headers
X-BBZ-Key: LICENSE_KEY
X-BBZ-Site: https://customer-site.com
X-BBZ-Ts: UNIX_TIMESTAMP
X-BBZ-Nonce: RANDOM_STRING
X-BBZ-Sig: SIGNATURE
Signature Generation (Client Side)
$signature = hash_hmac(
'sha256',
$license_key . $site_url . $timestamp . $nonce,
hash('sha256', $license_key)
);
🔐 This ensures secure, tamper-proof validation.
✅ Example API Response (Valid License)
{
"valid": true,
"expires_at": "2026-01-01",
"product_id": 1234,
"message": "License valid"
}
❌ Invalid or Expired License
{
"valid": false,
"message": "License expired or invalid"
}
🧩 Common Use Cases for Vendors
You can use the license key system for:
- WordPress plugins
- Mobile apps
- Web applications
- SaaS access
- Private APIs
- Download protection
- Feature unlocking
- Subscription-like access (via expiry)
🔄 Auto-Update Support (Optional)
If you sell:
- WordPress plugins
- Themes
- Desktop apps
You can optionally enable private auto-updates using the same license key system.
🔒 Update signing secrets are managed only by admin for security.
🛡 Vendor Security & Best Practices
✔ Do not hardcode secrets in frontend code
✔ Validate license on important API routes
✔ Lock license to site/app when possible
✔ Respect expiry dates
✔ Use HTTPS always
🆘 Support
If you need help with:
- API integration
- Plugin activation flow
- Auto-update setup
- Advanced licensing logic
📩 Contact: @bazarbibliogmail-com
🌐 Docs & Tutorials: bibliobazar.com
🚀 Start Selling Secure Digital Products Today
With Bibliobazar License Manager + Dokan, you can sell professional-grade digital products with enterprise-level licensing, without writing complex systems yourself.
Happy selling! 🎉
