Autodesk Developer Network

Autodesk App Store: Implementing copy protection in your Apps

This document explains how to implement a simple copy protection/licensing system for your paid Apps on Autodesk App Store. This requires two steps:

  1. Setup your app listing on Autodesk App Store as a paid App.
  2. Architect your app and/or backend webserver so it can correctly handle IPN notifications.

Setting up your Autodesk App Store listing

To submit a paid App, you need to select “USD” as the price type, as shown below.

Depending on the method you choose to handle protection (see below) you may also need to enable PayPal or BlueSnap Instant Payment Notifications

You can enter your web service IPN handler in “Publisher Corner” section as shown below. Activate your IPNs by pressing the Active IPNs button.

Protecting your Paid App

We have provided two mechanisms that you can use to protect your paid App. However, because it is your App, there is some coding required by you to achieve this – whichever approach you take. Your two options are:

  1. Use the Autodesk App Store entitlement web service (the Entitlement API)
  2. Use your own custom built web service that consumes BlueSnap or PayPal Instant Payment Notifications relayed to your server by the Autodesk App Store server.

Using the Entitlement API

This is your simplest option for handling protecting paid App, and is your only option if you want to handle protection entirely in your (add-in) App and not have to create your own webserver.

Your App will make a simple HTTP (REST) call to the Entitlement API, passing in the unique ID of your App, and the unique Id of the customer currently signed in to their Autodesk Id from the Autodesk product in which your add-in is running. The Entitlement API response will tell you whether the user has an ‘entitlement’ to use your App (i.e. whether that user has purchased your App).

Please refer to this separate document for detailed instructions on using the Entitlement API in your App.

Using a custom built web service

The advantage of your creating your own web service is that it allows you greater control in handling and tracking usage of your App, locking the App to a specific computer, or gathering additional information from your customers (with their permission). For example, you can monitor usage patterns or errors.

To protect your paid App using your own web service, you will need to

  1. Create a web service, which
    1. Interprets the IPN notifications
    2. Manages Computer/User accounts
    3. When requested, returns the correct user entitlement status 
  2. Implement the required logic of contacting the web service (created in step 1) from your App to get the user entitlement status for a given User/Computer.

Sample workflow of a custom built web service:

1. User buys your App from the Autodesk App Store
When a user buys your App, the Autodesk App Store relays the IPN notification to the web service you registered during the App publishing workflow.

2. Parse IPN data and create/edit user account
Your web service will extract the information it needs from the IPN notification – e.g. email id, App name, payment Id, payment date etc.
You will generate a unique activation Id (GUID) and send it to the user (who has purchased the App) in an email. Your web service will add a new entry to the database table you use to store your user data. The data you store will include the user’s email address, a unique activation Id, and the user’s unique machine’s lock code.

3. User installs and runs App
When a new customer first uses your App, it displays a dialog box requesting publisher the unique activation Id provided by the publisher in stage 2. Once provided, the App captures unique machine lock code (such as network port Id) and sends it to the publisher web service along with unique activation Id.

4. App is activated
On receiving the unique activation id and machine lock code (Step 3), your web service updates its database with the machine lock code. A success message is sent to the App from the web service. On receiving a success message, the App is activated and starts working.
If the machine lock code is already present for the user (in case the user is trying to activate the App in a second computer), the request for registration is rejected and a failed message is returned to the App. The App immediately shows an error message and stops working.
With this step you can lock your App to a particular computer.

5. App working
As the App is being used, it periodically contacts your web service with its activation Id and machine lock code to get the user entitlement status. Your web service verifies the received data against its user table and returns the appropriate status.

Refer https://github.com/ADN-DevTech/Termlicensing for sample code for above workflow.

More information

The ADN team is here to help you be a successful publisher on Autodesk App Store. If you have any questions/doubts about implementing copy protection in your Apps, then please email to appsubmissions@autodesk.com