magdev/wc-licensed-product-client
1
Fork 0
Code Issues Pull Requests Activity
19 Commits 2 Branches 4 Tags
v0.2.0
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
magdev 7fc838ada7 Release version 0.2.0 
Security improvements and server implementation alignment.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-26 16:36:29 +01:00
docs
Align client and server signature implementation
2026-01-26 16:33:44 +01:00
src
Align client and server signature implementation
2026-01-26 16:33:44 +01:00
tests
Add security layer with response signature verification
2026-01-22 16:16:59 +01:00
tmp
Update OpenAPI spec and clean up security classes
2026-01-22 21:04:53 +01:00
.editorconfig
Initialize composer project for WooCommerce Licensed Product Client
2026-01-22 15:37:20 +01:00
.gitignore
Add PHPUnit test suite
2026-01-22 16:05:28 +01:00
CHANGELOG.md
Release version 0.2.0
2026-01-26 16:36:29 +01:00
CLAUDE.md
Release version 0.2.0
2026-01-26 16:36:29 +01:00
composer.json
Add PHPUnit test suite
2026-01-22 16:05:28 +01:00
composer.lock
Add PHPUnit test suite
2026-01-22 16:05:28 +01:00
phpunit.xml
Add PHPUnit test suite
2026-01-22 16:05:28 +01:00
README.md
Add comprehensive client implementation documentation
2026-01-23 16:33:10 +01:00

README.md

WooCommerce Licensed Product Client

A PHP client library for the WooCommerce Licensed Product Plugin REST API. Activate, validate, and check the status of software licenses.

Requirements

  • PHP 8.3 or higher
  • Composer

Installation

composer require magdev/wc-licensed-product-client

Features

  • Object-oriented client library
  • Secure client with response signature verification (HMAC-SHA256)
  • PSR-3 logging support
  • PSR-6 caching support
  • PSR-18 HTTP client compatible
  • License validation against domains
  • License activation on domains
  • License status checking
  • Comprehensive exception handling
  • Code integrity verification
  • Built on Symfony HttpClient

Usage

Basic Usage

use Magdev\WcLicensedProductClient\LicenseClient;
use Symfony\Component\HttpClient\HttpClient;

$httpClient = HttpClient::create();
$client = new LicenseClient(
    httpClient: $httpClient,
    baseUrl: 'https://your-wordpress-site.com',
);

// Validate a license
$licenseInfo = $client->validate('ABCD-1234-EFGH-5678', 'example.com');
echo "Product ID: " . $licenseInfo->productId;

// Check license status
$status = $client->status('ABCD-1234-EFGH-5678');
echo "Status: " . $status->status->value;

// Activate a license
$result = $client->activate('ABCD-1234-EFGH-5678', 'example.com');
echo "Activated: " . ($result->success ? 'Yes' : 'No');

With Logging

use Magdev\WcLicensedProductClient\LicenseClient;
use Psr\Log\LoggerInterface;
use Symfony\Component\HttpClient\HttpClient;

$client = new LicenseClient(
    httpClient: HttpClient::create(),
    baseUrl: 'https://your-wordpress-site.com',
    logger: $yourPsrLogger, // Any PSR-3 compatible logger
);

With Caching

use Magdev\WcLicensedProductClient\LicenseClient;
use Psr\Cache\CacheItemPoolInterface;
use Symfony\Component\HttpClient\HttpClient;

$client = new LicenseClient(
    httpClient: HttpClient::create(),
    baseUrl: 'https://your-wordpress-site.com',
    cache: $yourPsrCache, // Any PSR-6 compatible cache
    cacheTtl: 600, // Cache TTL in seconds (default: 300)
);

Exception Handling

use Magdev\WcLicensedProductClient\Exception\LicenseNotFoundException;
use Magdev\WcLicensedProductClient\Exception\LicenseExpiredException;
use Magdev\WcLicensedProductClient\Exception\DomainMismatchException;
use Magdev\WcLicensedProductClient\Exception\RateLimitExceededException;
use Magdev\WcLicensedProductClient\Exception\LicenseException;

try {
    $licenseInfo = $client->validate($licenseKey, $domain);
} catch (LicenseNotFoundException $e) {
    // License key does not exist
} catch (LicenseExpiredException $e) {
    // License has expired
} catch (DomainMismatchException $e) {
    // License is not valid for this domain
} catch (RateLimitExceededException $e) {
    // Too many requests, retry after $e->retryAfter seconds
} catch (LicenseException $e) {
    // Other license-related errors
}

Secure Client

For enhanced security, use SecureLicenseClient which verifies response signatures:

use Magdev\WcLicensedProductClient\SecureLicenseClient;
use Magdev\WcLicensedProductClient\Security\SignatureException;
use Symfony\Component\HttpClient\HttpClient;

$client = new SecureLicenseClient(
    httpClient: HttpClient::create(),
    baseUrl: 'https://your-wordpress-site.com',
    serverSecret: 'shared-secret-with-server', // Must match server configuration
);

try {
    $licenseInfo = $client->validate('ABCD-1234-EFGH-5678', 'example.com');
} catch (SignatureException $e) {
    // Response signature invalid - possible tampering!
}

Important: The secure client requires the server to sign responses. See docs/server-implementation.md for server setup instructions.

Security Features

  • Response Signatures: HMAC-SHA256 verification prevents response tampering
  • Timestamp Validation: Prevents replay attacks (5-minute tolerance)
  • Per-License Keys: Each license has a unique verification key
  • Code Integrity: Optional verification of source file integrity

Documentation

For detailed implementation guides, see:

Testing

Run the test suite with PHPUnit:

./vendor/bin/phpunit

API Endpoints

This client interacts with the following WooCommerce Licensed Product API endpoints:

  • POST /validate - Validate a license key for a specific domain
  • POST /status - Get detailed license status information
  • POST /activate - Activate a license on a domain

License

GPL-2.0-or-later

Author

Marco Graetsch

Contributing

Issues and pull requests are welcome at https://src.bundespruefstelle.ch/magdev/wc-licensed-product-client/issues

Reference in New Issue View Git Blame Copy Permalink
Description
Client library for licensed PHP projects sold by WooCommerce Licensed Product Plugin
Readme 116 KiB
Languages
PHP 100%