Purchase Key Guard is a Laravel package that helps protect your Laravel application from unauthorized use by validating a purchase key. It uses middleware to ensure that the application can only be used with a valid purchase key, making it a great solution for commercial or licensed applications.
- Middleware to validate purchase keys.
- API support for key validation.
- Easy-to-configure purchase key service.
- Customizable via configuration file.
- Integration with Laravel service providers and facades.
- Includes artisan commands for key management.
You can install the package via Composer:
composer require jmrashed/purchase-key-guardOnce installed, publish the configuration file using the following command:
php artisan vendor:publish --provider="Jmrashed\PurchaseKeyGuard\Providers\PurchaseKeyGuardServiceProvider" --tag="config"This will create a purchase_key.php configuration file in your config/ directory.
After installation, the package adds middleware to validate the purchase key. Add the middleware to your app/Http/Kernel.php:
protected $middlewareGroups = [
'web' => [
// other middleware
\Jmrashed\PurchaseKeyGuard\Http\Middleware\VerifyPurchaseKey::class,
],
];You can also use the provided PurchaseKeyService to programmatically verify purchase keys.
After publishing the configuration file, you can find it at config/purchase-key-guard.php. This file allows you to configure the settings for the purchase key validation.
The authentication array allows you to configure multiple vendor accounts for Envato API validation. You can add as many accounts as you need.
'authentication' => [
[
'vendor' => env('PURCHASE_KEY_VENDOR_ACCOUNT1', 'Account 1'),
'token' => env('PURCHASE_KEY_TOKEN_ACCOUNT1', ''),
'item_id' => env('PURCHASE_KEY_ITEM_ID_ACCOUNT1', ''),
'status' => env('PURCHASE_KEY_STATUS_ACCOUNT1', false),
],
// ...
],-
vendor: A friendly name for the vendor account. -
token: Your Envato API personal token. -
item_id: The ID of the item on Envato Market. -
status: Whether this vendor account is active or not.
The activation_limit setting determines how many times a purchase key can be activated on different domains.
'activation_limit' => env('PURCHASE_KEY_ACTIVATION_LIMIT', 1),The package includes a simple admin interface to manage purchase keys. You can access it at /admin/purchase-keys.
The admin interface allows you to:
-
View all purchase keys.
-
Create new purchase keys.
-
Edit existing purchase keys.
-
Delete purchase keys.
-
Revoke purchase keys.
The package includes an Artisan command to check for expired keys.
This command will check for purchase keys that have expired and update their status to expired.
You can run it manually:
php artisan purchase-key:check-expired
Or schedule it to run periodically in your app/Console/Kernel.php file:
protected function schedule(Schedule $schedule)
{
$schedule->command('purchase-key:check-expired')->daily();
}The package fires an event when a purchase key is validated: purchase.key.validated.
You can listen for this event in your EventServiceProvider:
protected $listen = [
'purchase.key.validated' => [
// Your listeners here
],
];You can extend the package by:
-
Creating your own views and publishing them.
-
Creating your own validation logic by extending the
PurchaseKeyService. -
Creating your own controllers and routes to customize the behavior of the package.
To run the package tests, simply execute:
composer testThe MIT License (MIT). Please see the LICENSE file for more details.
Md Rasheduzzaman
Full-Stack Software Engineer & Technical Project Manager
Building scalable, secure & AI-powered SaaS platforms across ERP, HRMS, CRM, LMS, and E-commerce domains.
Over 10 years of experience leading full-stack teams, cloud infrastructure, and enterprise-grade software delivery.
🌐 Portfolio: jmrashed.github.io
✉️ Email: jmrashed@gmail.com
💼 LinkedIn: linkedin.com/in/jmrashed
📝 Blog: medium.com/@jmrashed
💻 GitHub: github.com/jmrashed
“Need a Reliable Software Partner? I build scalable, secure & modern solutions for startups and enterprises.”