How to generate an API key interactively
If you publish an application you might want to enable users to generate an API key easily.
The procedure is described here. For the creation the user of your app will be forwarded to the Digistore24 page - and afterwards back to your app. Data is transferred via GET parameters.
Preparation: Generate a developer API key
You need the developer key to enable your users to generate themselves an API key interactively. The developer key is needed for steps 1 and 2 mentioned below.
Step 1: Create a developer key
- In Digistore24, go to the page Settings > Account access > tab: API keys (in the vendor view)
- Click on “New API key”
- Choose “Developer” for the “API permissions”
- Click “Save”. The developer key will be shown in the field “API key” then
Execute step 1 and 2 for every user account of your app that shall be connected with Digistore24.
Step 2: Initialize API key creation
Call up the API function requestApiKey(). Use the developer key for it.
Pass these parameters:
- permissions: The permissions of the user's new api key, e.g. writable
- return_url: After api key creation the user is redirected to this url in step 3.
The API call will return:
- request_token: Store request_token for Step 3.
- request_url: Redirect the user to the request_url. The user will authenticate and create an own API key there. You will get the API key in step 3.
Step 3: Retrieve the API key
The user will be redirected to your website by Digistore24.
Call up the API function retrieveApiKey() with your developer key.
Pass these parameter:
- token - the request_token from Step 3
The api call will return:
- api_key - the users api key
Sample script
We deliver a sample script together with the PHP class (the file examples/register.php) which demonstrates the creation of the API key.
Security
HTTPS
Furthermore, we recommend you to secure your app via SSL (i.e. the URL of your app begins with https://)
Disconnect
Enable the user to disconnect.
For this please call up the function unregister() via API. The API key will be deleted on the server then. Furthermore, associated IPN connections will be deleted.
Afterwards please delete the API key of your app.