Purchase Notification API

The buyer credentials API is an API to pass along buyer information when they have purchased your product. Once you receive the buyer’s information from us, you can send the customer any necessary licensing or support they will need to use your product.

Getting Started

Inside of your seller account center there is a section called API settings. From within the API settings tab, there is a section called Purchase Notification and this is where you will need to provide us with your URL endpoint for the API. What this means is that you will need to establish a web endpoint and write an API at your API endpoint /purchase_notification that can accept these messages.

A pending message will always be sent first, and will use a POST method. Purchase and refund messages will be sent using a PUT method.

JSON Format

{
    "buyer_data":
    {
        "email": "string",
        "first_name": "string",
        "last_name": "string",
        "order_id": "string",
        "is_production": "string",
        "action": "ACTION",
        "products": [
        {
            "item_id": "string",
            "item_price": "string"
        }]
    },
    "signature": string"
}

The ACTION will be one of the following:

• purchase
• pending
• refund

Security

To ensure the message was sent by us, you can verify the buyer data using the signature that is sent with it along with our public key. Below is a code snippet that performs that verification.

$ch = curl_init('http://www.mojomarketplace.com/api/v1/public_key');

curl_setopt($ch, CURLOPT_RETURNTRANSFER);

$publicKey = trim(curl_exec($ch));

$pubkeyid = openssl_get_publickey($publicKey);

$buyerData = $inMessage['buyer_data'];

$digitalSignature = hex2bin($inMessage['signature']);

$isOK = openssl_verify($message, $inSignature, $pubkeyid);

Have Questions?

If you have questions as to how to use this API, please contact us at support.mojomarketplace.com.