Jump to content

Encrypt web API requests and responses

Recommended Posts

Posted (edited)

We are using the Invision web API as a license management system for our desktop software. The user logs into their account, gets an authentication token, and then uses that token to check if their software license is active. This allows them to run the software and receive updates through our system. We have been using this for over a year and it has worked extremely well, and has increased our revenue by 43%, since we do not have to rely on external sales portals.

Unfortunately, since all the requests and responses are unencrypted, the network traffic can be intercepted and used to spoof fake responses, indicating the user's license is active when it is not. This is one of the way software piracy tools work. We dealt with this by creating an intermediate script on our server, but that is causing problems of its own.

Since the commerce app provides a lot of powerful features for purchasing products and subscriptions, it seems logical to add encryption to the web API so a desktop program can accurately retrieve license info. Doing this would allow software companies to verify licenses purchased through the IPB commerce features. If you want help I can tell you in more detail how this can be achieved.

Edited by Interferon
Link to comment
Share on other sites

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...