By Daniel Du
As a publisher selling Apps/Web services on Autodesk Exchange store, are you worrying about the license protection issue? As addressed in Exchange FAQ, copy protection or license management is the responsibility of the Publisher. Now I am pleased to say that we are trying to help you with that. Exchange Store now have a new REST API to check the entitlement of an user. The new API is as below:
Base URL: https://apps.exchange.autodesk.com
End Point: webservices/checkentitlement
Http Method: GET
Parameters: ?userid=***&appid=***
Return : Json object.
Here is a sample request URL: https://apps.exchange.autodesk.com/webservices/checkentitlement?userid=2N5FMZW9CCED&appid=appstore.exchange.autodesk.com%3aautodesk360%3aen
The return Json is :
{ "UserId":"2N5FMZW9CCED", "AppId":"appstore.exchange.autodesk.com:autodesk360:en", "IsValid":false, "Message":"Ok" }
IsValid: If user is entitled to access an app, which means he bought it from Exchange Store and has already paid for it, then the IsValid value is “true”, otherwise is “false”.
Message:
“OK” - current call is correct
“Invalid parameters(s)” – userid or appid is not set, please note the userID is the internal ID(GUID), which is not the meaningful user ID when you login Autodesk products or website.
“Please use https” - the request is not using https
You can get your appId from the index page URL of your app, but you may wonder how can I know customer’s userId? This user ID is end user’s internal user ID.
As you know, most Autodesk desktop products allow users login with their Autodesk ID. For AutoCAD or vertical product, their is an easy way to get current login user’s username and userid, you can use following undocumented system variables: ONLINEUSERNAME and ONLINEUSERID. But for other products, like Revit or Inventor, you will have to implement the login process with Autodesk OAuth, to get the user ID. We will talk about Autodesk OAuth latter.
For web services, if you are publishing a new web service on Exchange, you will noticed that you can specify login type of your web service. By selecting “Sign in with Autodesk account”, you customer can sign in your web service with their Autodesk ID, of cause, you need to implement Autodesk OAuth.
Autodesk provides OAuth API, you can rely on Autodesk to do the authentication without maintaining your own user system. You can refer to our github site for samples of Autodesk OAuth, which is provided by Autodesk ADN. Platforms we have samples for include C# (Windows, ASP.NET and Windows RT), Java (Android), Objective-C (iOS), PHP, Python and JavaScript (Windows RT). However, as proof-of-concept samples, they are not necessarily fully ‘bullet-proof’, so please do not use them directly in your production environment.
Ok, let’s stop here in this part, next part I will introduce how to implement Autodesk OAuth and check user’s entitlement with an ASP.net MVC application.
is it working, like expected?
I'm asking because if i use ЯЯЯ as UserId and appstore.exchange.autodesk.com:фыва as an AppId,
full string will be: https://apps.exchange.autodesk.com/webservices/checkentitlement?userid=ЯЯЯ&appid=appstore.exchange.autodesk.com%3aфыва
i got {"UserId":"ЯЯЯ","AppId":"appstore.exchange.autodesk.com:фыва","IsValid":false,"Message":"Ok"} as a result.
100% that there is no such AppId and UserId.
if i use my UserId and appId of the free plugin, that i really downloaded, i got "IsValid":false,"Message":"Ok".
so, for me Message is always = Ok, and IsValid is always = false. it doesnt depend on userId or appid at all.
maybe it works only with paid apps, and i'll see {... "IsValid": true...} only if i'll buy an app and test this string with my UserId and AppId of the app i bought?
Posted by: Nick Gorlov | 11/09/2015 at 04:32 AM