Serial
Serial codes (e.g., 1234-ABCD-6789-STACK)
Static Serial
Every customer receives the exact same serial code.
URL
Unique URLs (e.g., http://thevendor.io/redeem?code=A-Unique-C0de)
Static URL
URL must be exactly the same for every user (i.e., does require a customer's name, etc) e.g., http://www.vendor.io/stacksocial
Dynamic URLs
If the URL needs dynamic elements (such as the customer's name).
For example, the URL should look something like this:
https://www.vendor.io/redeem?customer_name=<name> and it returns a license code/url, then use one of the folowing:
RPC for Serial
When it returns a serial code (e.g., 1234-ABCD-6789-STACK)
RPC for URL
When it returns a license URL (e.g., http://thevendor.io/redeem?code=A-Unique-C0de)
POST RPC for Serial
Same as above, but uses POST
POST RPC for URL
Same as above, but uses POST
Important: URL must return only a serial code or only a license URL.
It may not return JSON (e.g., {license_code:"some-code"}) or HTML (e.g., <html><body>the_license_code</body></html>).
All 4 types of dynamic URL mentioned above may contain these elements:
- <name>
- <first_name>
- <last_name>
- <email>
- <transaction_id>
To use them, place the element into the appropriate place in the URL, for example:
https://www.vendor.io/redeem?first_name=<first_name>&last_name=<last_name>&email=<email>&txn_id=<transaction_id>
License Salt
If concerned about the security of license generation (e.g., that the license URL would become publicly known), use the License Salt field. It will automatically append an additional hash parameter to the license URL for you (vendor) to validate against. Its value is a hashed version of <name> (see above) + the salt value you enter.
This is how the hash parameter is generated:
sanitized_name = tokens[:name].strip.gsub(/[^a-zA-Z0-9 \.]/, '')
salted_name = sanitized_name + product.license_salt
hash = Digest::MD5.hexdigest(salted_name)
REDEMPTION BEST PRACTICES
- Keep any landing page details generic to not confuse customers, as they will be coming from a variety of publishers
- License codes should never expire
- Collect credit card information from customers during the redemption process for automatic renewals
- Make sure your redemption process does not charge the customer again
Comments