Using Key To Generate Validation

09.12.2020
32 Comments

// Generate API key. String apiKey = RESTWebAPIKey.GenerateAPIKey(myPassword, mysaltKey); The above code will generate an API key value base on your provided password and secret/salt key values. This is the essence of partial key verification. Using the Code. If you want to use the code, just grab the demo project's source, then copy, but make sure to change the arrays! You'll also want to try making some things different. For example: Use modulus (Mod) to split your 'key' between the five clumps (of five characters), making it less obvious. The validation server returns a TokenResponse object on a successful validation. When using this endpoint for authorizing the user, use the following parameters: client id, client secret, grant type, code, and redirect uri. Jan 04, 2017 The property in web.config file configures algorithms and keys to use for encryption, decryption, and validation of forms-authentication data and view-state data, and for out-of-process session state identification.This encryption prevents tempering of session data on the server. By default the validationKey and the decryptionKey keys are set to AutoGenerate which means the runtime will generate a random key for use. This works fine for applications that are deployed on a single server. But, When you use webfarms a client request can land on any one of the servers in the webfarm. You will need to provide a fingerprint query parameter, as well as a key query parameter for license validation to succeed. A valid license will return a HTTP status code of 200, while a failed validation will return 422, along with a reason for the failure.

This is an example of creating a license activation server using PHP. Thisserver allows you to utilize Keygen 100% behind-the-scenes, so your userswill never interact with Keygen's API directly—only through this server.

This example application is not 100% production-ready, but it shouldget you 90% of the way there. You may need to add additional logging,error handling, integration with your payment provider, deliveringlicense keys via email, etc.

Running the example

First up, configure a few environment variables:

You can either run each line above within your terminal session beforestarting the app, or you can add the above contents to your ~/.bashrcfile and then run source ~/.bashrc after saving the file.

Next, start a local PHP server:

Configuring a license policy

Visit your dashboard and create a newpolicy with the following attributes:

You can leave all other attributes to their defaults, but feel free tomodify them if needed for your particular licensing model, e.g. changethe maxMachines limit, set it to floating = true, etc.

Creating a license key

From a web browser, access http://localhost:3000/generate.php. You will needto provide an order query parameter for license creation to succeed. Theresponse will contain the new license key in plaintext.

For example,

Note: in production, you should verify that the order ID actually existsand has not already been used to generate a new license key. Ideally, thegenerate.php page should only be accessed by your payment provider aftera successful order.

Activating a machine

From a web browser, access http://localhost:3000/activate.php. You will needto provide a fingerprint query parameter, as well as a key query parameterfor machine activation to succeed.

For example, /powershell-generate-random-aes-key.html.

The fingerprint query parameter is what will identify an individual machineto determine whether or not it is allowed to run your product.

Note: in production, you would perform this step from within your product.

Validating a license key

Once a user's license key has been activated, they can validate it by accessinghttp://localhost:3000/validate.php. You will need to provide a fingerprintquery parameter, as well as a key query parameter for license validationto succeed. A valid license will return a HTTP status code of 200, whilea failed validation will return 422, along with a reason for the failure.

For example,

Note: in production, you would perform this step from within your product.

Questions?

Reach out at support@keygen.sh if you have anyquestions or concerns!

Validate the authorization grant code with Apple to obtain tokens or validate an existing refresh token.

URL

HTTP Body

The list of input parameters required for validating the authorization code or refresh token.

Parts

string
(Required)

(Authorization and Validation) The application identifier for your app.

string
(Required)

(Authorization and Validation) A secret generated as a JSON Web Token that uses the secret key generated by the WWDR portal.

string

(Authorization) The authorization code received from your application’s user agent. The code is single use only and valid for five minutes.

string
(Required)

(Authorization and Validation) The grant type that determines how the client interacts with the server. For authorization code validation, use authorization_code. For refresh token validation requests, use refresh_token.

string

(Validation) The refresh token received during the authorization request.

string

(Authorization) The destination URI the code was originally sent to. It must include a domain name, and can’t be an IP address or localhost.

Response Codes

Microsoft Office Validation Key

Discussion

The validation server returns a TokenResponse object on a successful validation. When using this endpoint for authorizing the user, use the following parameters: client_id, client_secret, grant_type, code, and redirect_uri. When using this endpoint for validating the refresh token, use the following parameters: client_id, client_secret, grant_type, and refresh_token.

Creating the Client Secret

The client_secret is a JSON object that contains a header and payload. The header contains:

alg

The algorithm used to sign the token.

Using Key To Generate Validation Software

kid

Using Key To Generate Validation Pdf

A 10-character key identifier obtained from your developer account.

In the claims payload of the token, include:

iss

The issuer registered claim key, which has the value of your 10-character Team ID, obtained from your developer account.

iat

The issued at registered claim key, the value of which indicates the time at which the token was generated, in terms of the number of seconds since Epoch, in UTC.

exp

The expiration time registered claim key, the value of which must not be greater than 15777000 (6 months in seconds) from the Current Unix Time on the server.

aud

The audience registered claim key, the value of which identifies the recipient the JWT is intended for. Since this token is meant for Apple, use https://appleid.apple.com.

sub

Using Key To Generate Validation Form

The subject registered claim key, the value of which identifies the principal that is the subject of the JWT. Use the same value as client_id as this token is meant for your application.

Using Key To Generate Validation Pdf

After creating the token, sign it using the Elliptic Curve Digital Signature Algorithm (ECDSA) with the P-256 curve and the SHA-256 hash algorithm. Specify the value ES256 in the algorithm header key. Specify the key identifier in the kid attribute.

Windows Key Validation Check

A decoded client_secret JWT token has the following format: