Bibliobazar License Manager (Dokan Compatible) If you are a vendor selling digital products, plugins, apps, or APIs on our platform, this guide explains how to enable license-based API access, how licenses are generated, and how your customers can use them securely. This system is powered by Bibliobazar License Manager and works seamlessly with Dokan multi-vendor marketplace. 🔑 What Is the License / API Key System? The License Manager allows you to: Automatically generate unique API / license keys per order Control access to your product APIs Enable plugin or app validation Support auto-updates (optional) Prevent unauthorized usage and piracy Each license is: Unique per purchase Linked to the customer Can be site-locked Securely validated using a signed API request 🛠 How Vendors Enable License Keys (Frontend) When creating or editing a product in the Dokan vendor dashboard: Step 1: Add or Edit Product Go to: Vendor Dashboard → Products → Add New / Edit Step 2: Enable License Key Scroll down to the License Settings section and: ✅ Check “Enable API / License Key for this product” Step 3: Set Expiry (Optional) Enter License expiry (days) Use 0 for lifetime license 💡 Example: 365 → 1 year license 0 → lifetime license Step 4: Publish Product That’s it! 🎉License keys will now be generated automatically on purchase. 📦 What Happens After Purchase? When a customer buys your product: A unique license key is generated Quantity = number of license keys License is stored securely in the system Customer can use it for API access, plugin activation, or validation You do not need to manually generate or send keys. 🔌 How Customers Use the API License Your customers will typically use the license key in their app, plugin, or system. License Validation Endpoint POST /wp-json/bbz-lic/v1/validate Required Headers X-BBZ-Key: LICENSE_KEY X-BBZ-Site: https://customer-site.com X-BBZ-Ts: UNIX_TIMESTAMP X-BBZ-Nonce: RANDOM_STRING X-BBZ-Sig: SIGNATURE Signature Generation (Client Side) $signature = hash_hmac( 'sha256', $license_key . $site_url . $timestamp . $nonce, hash('sha256', $license_key) ); 🔐 This ensures secure, tamper-proof validation. ✅ Example API Response (Valid License) { "valid": true, "expires_at": "2026-01-01", "product_id": 1234, "message": "License valid" } ❌ Invalid or Expired License { "valid": false, "message": "License expired or invalid" } 🧩 Common Use Cases for Vendors You can use the license key system for: WordPress plugins Mobile apps Web applications SaaS access Private APIs Download protection Feature unlocking Subscription-like access (via expiry) 🔄 Auto-Update Support (Optional) If you sell: WordPress plugins Themes Desktop apps You can optionally enable private auto-updates using the same license key system. 🔒 Update signing secrets are managed only by admin for security. 🛡 Vendor Security & Best Practices ✔ Do not hardcode secrets in frontend code✔ Validate license on important API routes✔ Lock license to site/app when possible✔ Respect expiry dates✔ Use HTTPS always 🆘 Support If you need help with: API integration Plugin activation flow Auto-update setup Advanced licensing logic 📩 Contact: @bazarbibliogmail-com🌐 Docs & Tutorials: bibliobazar.com 🚀 Start Selling Secure Digital Products Today With Bibliobazar License Manager + Dokan, you can sell professional-grade digital products with enterprise-level licensing, without writing complex systems yourself. Happy selling! 🎉
