It’s no secret I’m a fan of Easy Digital Downloads as I’m a contributor and support technician Lead Developer for the project. I’m also a HUGE fan of the Software Licensing Extension we sell for it. While it’s a verify flexible extension, the vast majority of people use it to sell WordPress Plugins and Themes, as it enables users to update the items from within their WordPress admin. I needed to take it a bit further though. During the development of Post Promoter Pro I found it necessary for the plugin to periodically “call home” (once a week in this case) to to get updated social media tokens and data necessary for proper functionality.

The key here though, was I didn’t want just anybody to be able to access my API. I wanted any customer with a valid or expired license key to be able to retrieve this data. In your case, you may just want valid, but in my case I found it beneficial to the users to allow this to work after expiration, they just won’t get updates to the plugin itself. So here’s what I did.

This is a pretty code heavy example, so I apologize ahead of time.

The following code does require the Software Licensing extension and Easy Digital Downloads be installed and activated.

On our site running EDD Software Licensing

We need to create an API endpoint for the plugin to call. Here’s one I built. It receives a license key, and checks it’s status, returning the appropriate data for each case.

Plugin Name: EDD SL Endpoint for status
Plugin URI:
Description: Creates and endpoint to get license key status
Version: 1.0
Author: Filament Studios
Author URI:
License: GPLv2

add_action( 'init', 'ck_eddsl_add_endpoint' );
function ck_eddsl_add_endpoint( $rewrite_rules ) {
    add_rewrite_endpoint( 'ck-eddsl-api', EP_ALL );

register_activation_hook( __FILE__, 'ck_eddsl_activation_tasks' );
function ck_eddsl_activation_tasks() {

register_deactivation_hook( __FILE__, 'ck_eddsl_deactivation_tasks' );
function ck_eddsl_deactivation_tasks() {

add_filter( 'query_vars', 'ck_eddsl_query_vars' );
function ck_eddsl_query_vars( $vars ) {
    $vars[] = 'ck-eddsl-license-key';

    return $vars;

add_action( 'template_redirect', 'ck_eddsl_process_request', -1 );
function ck_eddsl_process_request() {
    global $wp_query;
    // If our endpoint isn't hit, just return
    if ( ! isset( $wp_query->query_vars['ck-eddsl-api'] ) ) {

    // If they didn't supply a key, return
    if ( ! isset( $wp_query->query_vars['ck-eddsl-license-key'] ) ) {
        ck_eddsl_output( array( 'error' => 'No License Key Provided' ) );

    $sl = edd_software_licensing();

    define( 'EDD_BYPASS_NAME_CHECK', true );
    $status = $sl->check_license( array( 'key' => $wp_query->query_vars['ck-eddsl-license-key'] ) );

    // If the key isn't invalid or disabled, return our API data
    if ( $status != 'invalid' && $status != 'disabled' ) {
        $data = array( 'foo' => 'bar' );
        ck_eddsl_output( $data );
    } else {
        ck_eddsl_output( array( 'error' => 'Invalid License Key. Cheetin\' eh?' ) );


function ck_eddsl_output( $output ) {
    // Helps us exit any output buffers started by plugins or themes
    $ob_status = ob_get_level();
    while ( $ob_status > 0 ) {
    // Output the data for the endpoint
    header( 'Content-Type: application/json' );
    echo json_encode( $output );

To test this, just be sure you have a valid license key, and you should be able to send a request like this:[valid license key here]
And receive a response like this:

{"foo": "bar"}

NOTE: If your endpoint gives you a 404, just go into your Settings -> Permalinks and click ‘Save’

In the plugin the user installs:

We need to create a way for the plugin the user purchases to call home to our site and retrieve the data depending on the status of their license key. In short this function does the following:

  1. Checks if the transient exists
  2. Requests the data from the API if it doesn’t
  3. Stores the data from the API for a week
function ck_eddsl_get_api_data() {
    $current_data_from_api = get_transient( 'my_api_data' );

    if ( !$current_data_from_api ) {
        $license = trim( get_option( '_my_license_key' ) );
        $url = EDDSL_STORE_URL . '/ck-eddsl-api?ck-eddsl-license-key=' . $license;
        $args = array( 'timeout' => 15, 'sslverify' => false );
        $response = wp_remote_get( $url, $args );

        if ( is_wp_error( $response ) ) {
            return false;

        $current_data_from_api = json_decode( wp_remote_retrieve_body( $response ) );
        if ( !isset( $current_data_from_api->error ) ) {
            set_transient( 'my_api_data', $current_data_from_api, WEEK_IN_SECONDS );

    // Do something with $current_data_from_api

Now, by calling this function ck_eddsl_get_api_data, the plugin will either retrieve the data from the transient if it exists from a previous call, or go to our API to get it, sending along the user’s license key.

Putting it all together

Now that we have the plugin, and the endpoint setup. Your user’s sites can request data from you directly, once a week, only if they’ve ever held a valid license key. This could be used in a number of ways, especially in a SaaS implementation. My example here is just one way it could be done.

Posted by Chris Klosowski

Chris Klosowski is the President of Easy Digital Downloads, the easiest way to sell your digital products with WordPress. Trusted by over 50,000 smart store owners.