Resource injector third-party licensing

[Eric]

Hey,

As resources seem to get leaked a lot at the moment, there are a lot of third-party "license" check products which add another layer of protection to slow down crackers.

My suggestion is to add the ability to have a custom resource injection placeholder which when a customer purchases a product, calls a configurable third-party webhook (with a secret token to stop unauthorised use), this webhook issues and returns a license key which is automatically injected into the config.yml, or in the compiled jar using the same resource injector. This plugin can then be run and used without having to contact the resource owner and wait for a license key to be manually issued.

Having something like this would allow resource owners to sell their product without worrying about issuing license keys manually.

**An added bonus to this would also be a webhook which triggers when a chargeback is made, to remove the license**

Here's a flowchart to show how it could work:

There is an edge case here, where the third-party webhook could fail, but in that case it should block the purchase or notify the user and allow them to decide?

This is a fairly simple addition and would make the resource injector even better!

Cheers,
Eric

 

[Justis]

At the moment, the resource injector is undergoing heavy development, and likely will continue to for some time. The resource injector will not always be on; and currently, the system is set up so that if the injector is unavailable or if a scan comes up absent of any placeholders, or an error occurs, the user attempting to download will receive the original file.

Setting up the injector as a licensing system replacement sounds slightly dangerous; at least at the moment.
Setting this up so that buyers and sellers are not disgruntled, especially in ways that would be outside our ability to help, would require a lot of development.

This is something that I want, but it is something that should be prioritized only later down the line.

 

[Eric]

At the moment, the resource injector is undergoing heavy development, and likely will continue to for some time. The resource injector will not always be on; and currently, the system is set up so that if the injector is unavailable or if a scan comes up absent of any placeholders, or an error occurs, the user attempting to download will receive the original file.

Setting up the injector as a licensing system replacement sounds slightly dangerous; at least at the moment.
Setting this up so that buyers and sellers are not disgruntled, especially in ways that would be outside our ability to help, would require a lot of development.

This is something that I want, but it is something that should be prioritized only later down the line.

Absolutely agree that there are bigger fish to fry at the moment, but it's definitely something which would be useful to resource customers. I can imagine it's a pain having to contact a resource owner to get a license key after already purchasing.

 

[Mick]

I'll move this to pending for further consideration for implementation after our XF2 migration. We'll be introducing an API soon enough, and working out a clever way to allow them to work together could be really great.

Thanks for the suggestion

 

[Mick]

To provide an update on this suggestion, it's something that we've definitely got planned to be introduced after we migrate to XF2. We'll be creating a license key placeholder that will be accessible through the API and through a soon-to-be-released downloads page for each of your resources. The key will be generated on a per-user and per-resource basis, so downloading the same product multiple times from the same account will all inject the same key. I expect that this will be very useful to a number of authors and look forward to implementing it over the next couple of months.

I'll leave this in pending for now, but eventually when this is fully implemented I'll move the suggestion to accepted. Thank you