It’s no secret I’m a fan of Easy Digital Downloads as I’m a contributor and support technician Lead Developer for the project. I’m also a HUGE fan of the Software Licensing Extension we sell for it. While it’s a verify flexible extension, the vast majority of people use it to sell WordPress Plugins and Themes, as it enables users to update the items from within their WordPress admin. I needed to take it a bit further though. During the development of Post Promoter Pro I found it necessary for the plugin to periodically “call home” (once a week in this case) to to get updated social media tokens and data necessary for proper functionality.

The key here though, was I didn’t want just anybody to be able to access my API. I wanted any customer with a valid or expired license key to be able to retrieve this data. In your case, you may just want valid, but in my case I found it beneficial to the users to allow this to work after expiration, they just won’t get updates to the plugin itself. So here’s what I did.

This is a pretty code heavy example, so I apologize ahead of time.

The following code does require the Software Licensing extension and Easy Digital Downloads be installed and activated.

On our site running EDD Software Licensing

We need to create an API endpoint for the plugin to call. Here’s one I built. It receives a license key, and checks it’s status, returning the appropriate data for each case.

To test this, just be sure you have a valid license key, and you should be able to send a request like this:[valid license key here]
And receive a response like this:

{"foo": "bar"}

NOTE: If your endpoint gives you a 404, just go into your Settings -> Permalinks and click ‘Save’

In the plugin the user installs:

We need to create a way for the plugin the user purchases to call home to our site and retrieve the data depending on the status of their license key. In short this function does the following:

  1. Checks if the transient exists
  2. Requests the data from the API if it doesn’t
  3. Stores the data from the API for a week

Now, by calling this function ck_eddsl_get_api_data, the plugin will either retrieve the data from the transient if it exists from a previous call, or go to our API to get it, sending along the user’s license key.

Putting it all together

Now that we have the plugin, and the endpoint setup. Your user’s sites can request data from you directly, once a week, only if they’ve ever held a valid license key. This could be used in a number of ways, especially in a SaaS implementation. My example here is just one way it could be done.

Post Promoter Pro

Posted by Chris Klosowski

Hi, I'm Chris Klosowski. Currently I am a Lead Developer of Easy Digital Downloads, where we build the easiest way to sell digital products with WordPress. I am also the person behind Post Promoter Pro, the most effective way to promote your WordPress Content.


  1. Hey Chris, thanks for sharing your knowledge on this post. Do you do any independent software consulting or programming? And do you have any experience implementing EDD Software Licensing into a Windows Desktop Application? I have a program built and ready to go and now I am exploring the best ways to sell it. Any feedback or advice would be greatly appreciated, and I’d be happy to discuss compensation as well. Thank you!

    Best Regards,



    1. Hey Vinny,

      I’m actually one of the contributing developers on Easy Digital Downloads as well as a support tech. While I’ve not used EDD Software Licensing for Windows Desktop Applications, the API to check the license status is outlined in this doc:


  2. Hello
    I am interested in the edd Licensing as well. I intend to use it in a non-WP project.

    The most important functionality would be for me the local key implementation as whmcs or spbas have for instance.

    Are there any way to have a local key implementation for non wp php projects ?

    This kept me way of edd for almost 2 years.

    Thank you.


  3. Chris Klosowski March 3, 2015 at 7:39 am


    The EDD Software Licensing extension only requires that the site selling the license keys be running WordPress. The license key can be used in any form of ‘customer experience’ so long as it’s able to make an external request to your site to verify the license key is valid.

    Software Licensing has an API that you can call to (as seen above). I’m not 100% positive of what you are expecting of your situation, but it sounds like you’d just need to develop your WHMCS type application to call back to the primary site to check if a license key is valid or not.


  4. No. On edd at each run the licensed script is calling home. Each time. Which makes the called licensing server running with high CPU.

    When you have 6000 licenses calling home and interrogating the license server you will feel the load.

    A local key saves the license info and at each run the script firstly checks the local key for valid info and only if it is expired or it is modified calls home.

    For instance in my current setting the script calls home once at each 15 days.
    Of course if the scrambled local key is modified calls home automatically.

    This way the script will run even the licensing server is down for instance.


  5. Sorry for giving this example but I sincerely wanna have it implemented in edd. Check it here:


    1. Chris Klosowski March 3, 2015 at 11:06 am

      Ah, yes I can see that use case.

      It’s important to know, that the only way that Easy Digital Downloads Software Licensing has it in the ‘sample’ implementation to call home, as it provides updating WordPress plugins.

      In my case, I only call back every 7 days for my API License Key check. You could also implement it this way, but it would not meet your ‘local key’ issue.

      It’s something I can look into and see if it’s possible, as I work for the Easy Digital Downloads project full time. I’ll create an issue on GitHub for us to track that.


    2. Rollo,

      Also, RE: you concern on the CPU Load, The Easy Digital Downloads site itself uses the EDD SL API Keys for all the products sold on it. Currently we have over 6000 of those currently active, and checking in for updates. So your concern to performance, while I understand, is something that we have not seen with this and are aware of while developing the checks.


  6. I am sure of this.
    There is no problem if the licensing server is called at the activation or at updates.

    But this is my scenario:

    Unfortunately one of my projects use the licensing code on a file that generates the direct video source from YouTube for instance.

    The protection check is added to that file obviously.

    As this is a main file in video cms and at each video file that is seen by the visitors that means in 30 days around 30 millions of checks against the licensing server . that means 1 mil per day which is huge. It is as a small ddos.

    If a customer has a visits spike that means more requests against our licensing server.

    Having a local key file would help a lot. As all requests would be 99% local.

    We used spbas for 4 years and we moved to whmcs licensing.

    But as we use WordPress as shop I would like to have the licensing built in.

    I asked the same question last year over the edd forums but unfortunately this feature isn’t so requested as I see.
    Even if – in my opinion – it is important.

    BTW: sorry for my English. It isn’t my native language.


    1. Chris Klosowski March 3, 2015 at 12:21 pm

      I would love to continue this discussion, would you mind sending in a ticket at I think the comments isn’t the best place to respond to this subject, at this length. Also, that will allow the rest of the team to chime in as well. Once you open a ticket there, I’ll copy in our conversation so i can share it.

      No problem on the english at all.


  7. Sure, Thank you


  8. Sander Kuipers March 8, 2016 at 4:46 am

    Hi Chris, this may be a little off topic but I need some sort of tool that allows locking of a specific download with an manual entry key by an admin. Is this possible?

    What I’m trying to achieve here is:
    – let customers buy a PDF file that is password protected (admin has entered a password when saving on desktop)
    – let admin enter that password when creating a new product with the PDF attached to the download.
    – that key will be printed onto the receipt and will be shown in his downloads history


    1. Sander,

      EDD Core has a ‘Download Notes’ area when creating a download that will allow you to display content that is only shown on the purchase confirmation and email receipt.

      You could just put the password into this field and when people complete the purchase they’ll have access to it immediately via the purchase confirmation or via the ‘View Downloads and Details’ link in the purchase history.


  9. Hello,
    I’m just wondering whether it’s possible to trigger the “create license” API command from a payment vendor such as PayPal or FastSpring. That is, when the user purchases the software, the vendor is configured to trigger an action (such as posting the new order information). This would in-turn create the license in EDD Software Licensing.
    Thank you!


    1. Mike,

      The built in EDD Software Licensing API does not have a write endpoint like that. It is possible to do, but you’d have to custom build an endpoint to listen for the license creation call then have your custom code fire off the license creation process.


  10. […] is a challenge that actually hits my own site pretty heavily as I write on things ranging from interacting with APIs all the way through how life changing working in open source can become. If you aren’t […]


  11. Have you done something with the API to connect to WHMCS to do trouble tickets and client creations?


  12. Hi Chris,

    how to make the code work if the store is under maintenance ?

    In particular, if is in maintenance mode: license key here]&url=[client url here] WORKS FINE license key here] DOESN’T WORKS (503 Service Unavailable)


    1. Chris Klosowski October 31, 2018 at 1:37 pm

      This depends on what type of maintenance mode you are using. A 503 is returned by your server as unavailable. If this is the WordPress maintenance mode during updates, then there isn’t away around this until maintenance mode is removed.

      If you are using a plugin, then you’d need to find a way to allow that plugin to bypass maintenance mode to continue.


  13. Running into some issues storing the appropriate transients and outputting a message in the front-end (when a key is anything but “valid”). My code is somewhat similar to what you’ve got going on, but not exactly the same. I’m stuck and sort of out of options (spinning my wheels over here). Any way I can hire you to take a look at my setup? Happy to share more info if you’re interested. Thanks Chris!


Leave a reply

Your email address will not be published. Required fields are marked *