Bibliobazar License Manager (Dokan Compatible)
If you are a vendor selling digital products, plugins, apps, or APIs on our platform, this guide explains how to enable license-based API access, how licenses are generated, and how your customers can use them securely.
This system is powered by Bibliobazar License Manager and works seamlessly with Dokan multi-vendor marketplace.
π What Is the License / API Key System?
The License Manager allows you to:
- Automatically generate unique API / license keys per order
- Control access to your product APIs
- Enable plugin or app validation
- Support auto-updates (optional)
- Prevent unauthorized usage and piracy
Each license is:
- Unique per purchase
- Linked to the customer
- Can be site-locked
- Securely validated using a signed API request
π How Vendors Enable License Keys (Frontend)
When creating or editing a product in the Dokan vendor dashboard:
Step 1: Add or Edit Product
Go to:
Vendor Dashboard β Products β Add New / Edit
Step 2: Enable License Key
Scroll down to the License Settings section and:
β Check βEnable API / License Key for this productβ
Step 3: Set Expiry (Optional)
- Enter License expiry (days)
- Use
0for lifetime license
π‘ Example:
365β 1 year license0β lifetime license
Step 4: Publish Product
Thatβs it! π
License keys will now be generated automatically on purchase.
π¦ What Happens After Purchase?
When a customer buys your product:
- A unique license key is generated
- Quantity = number of license keys
- License is stored securely in the system
- Customer can use it for API access, plugin activation, or validation
You do not need to manually generate or send keys.
π How Customers Use the API License
Your customers will typically use the license key in their app, plugin, or system.
License Validation Endpoint
POST /wp-json/bbz-lic/v1/validate
Required Headers
X-BBZ-Key: LICENSE_KEY
X-BBZ-Site: https://customer-site.com
X-BBZ-Ts: UNIX_TIMESTAMP
X-BBZ-Nonce: RANDOM_STRING
X-BBZ-Sig: SIGNATURE
Signature Generation (Client Side)
$signature = hash_hmac(
'sha256',
$license_key . $site_url . $timestamp . $nonce,
hash('sha256', $license_key)
);
π This ensures secure, tamper-proof validation.
β Example API Response (Valid License)
{
"valid": true,
"expires_at": "2026-01-01",
"product_id": 1234,
"message": "License valid"
}
β Invalid or Expired License
{
"valid": false,
"message": "License expired or invalid"
}
𧩠Common Use Cases for Vendors
You can use the license key system for:
- WordPress plugins
- Mobile apps
- Web applications
- SaaS access
- Private APIs
- Download protection
- Feature unlocking
- Subscription-like access (via expiry)
π Auto-Update Support (Optional)
If you sell:
- WordPress plugins
- Themes
- Desktop apps
You can optionally enable private auto-updates using the same license key system.
π Update signing secrets are managed only by admin for security.
π‘ Vendor Security & Best Practices
β Do not hardcode secrets in frontend code
β Validate license on important API routes
β Lock license to site/app when possible
β Respect expiry dates
β Use HTTPS always
π Support
If you need help with:
- API integration
- Plugin activation flow
- Auto-update setup
- Advanced licensing logic
π© Contact: @bazarbibliogmail-com
π Docs & Tutorials: bibliobazar.com
π Start Selling Secure Digital Products Today
With Bibliobazar License Manager + Dokan, you can sell professional-grade digital products with enterprise-level licensing, without writing complex systems yourself.
Happy selling! π
