If you publish an application you might want to enable users to generate an API key easily.

The procedure is described here. For the creation the user of your app will be forwarded to the Digistore24 page - and afterwards back to your app. Data is transferred via GET parameters.

Preparation: Generate a developer API key

You need the developer key to enable your users to generate themselves an API key interactively. The developer key is needed for steps 1 and 2 mentioned below.

Step 1: Create a developer key

  1. In Digistore24, go to the page Settings > Account access > tab: API keys (in the vendor view)
  2. Click on “New API key”
  3. Choose “Developer” for the “API permissions”
  4. Click “Save”. The developer key will be shown in the field “API key” then

Execute step 1 and 2 for every user account of your app that shall be connected with Digistore24.

Step 2: Initialize API key creation

Call up the API function requestApiKey(). Use the developer key for it. 

Pass these parameters:

  • permissions: The permissions of the user's new  api key, e.g. writable
  • return_url: After api key creation the user is redirected to this url in step 3.

The API call will return:

  • request_token: Store request_token for Step 3.
  • request_url: Redirect the user to the request_url. The user will authenticate and create an own API key there.  You will get the API key in step 3.

Step 3: Retrieve the API key

The user will be redirected to your website by Digistore24.

Call up the API function retrieveApiKey() with your developer key. 

Pass these parameter:

  • token - the request_token from Step 3

The api call will return:

  • api_key - the users api key

Sample script

We deliver a sample script together with the PHP class (the file examples/register.php) which demonstrates the creation of the API key.

Security

HTTPS

Furthermore, we recommend you to secure your app via SSL (i.e. the URL of your app begins with https://)

Disconnect

Enable the user to disconnect.

For this please call up the function unregister() via API. The API key will be deleted on the server then. Furthermore, associated IPN connections will be deleted.

Afterwards please delete the API key of your app.