cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
EN
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BenjiDev
Enthusiast

Saturday - last edited Saturday

Authenticating an Archicad user in a 3rd party system

Saturday

Hello, I know it is possible to get the user id of a user:

 

https://community.graphisoft.com/t5/Developer-Insights/Introducing-new-user-identification-to-the-AP...

 

But is it possible to verify it?

 

Let's say I make an Add-On that I sell. 

ACAPI_Protection_GetGSIDUserId

Seems like a good identifier to tie a license of the Add-On to, because it represents an ArchiCAD user.

 

So to purchase a license for the Add-On the user just has to provide this ID (or if purchase is done in the Add-On it can be retrieved) and stored on my license server.

 

Then the Add-On can retrieve the same ID and check if it exists on the license server to verify that the user "has" a license to the Add-On. 

 

Problem is that I don't know how to verify this ID on the license server, how can the license server (or other 3rd party systems) know that the id it gets is a valid graphisoft user ID?  

 

Is it possible to get a signed graphisoft user id that can be verified. Or a token of some sorts, that a 3rd party system can verify with a graphisoft controlled server?

 

 

 

 

 

0 Likes
2 Replies 2
Ralph Wessel
Ace

yesterday

yesterday

I don't believe there is any way to obtain information about an ID from Graphisoft. But if you support purchasing through an add-ons, presumably you can be confident that the ID it submits to your server is legitimate?

Ralph Wessel BArch
Central Innovation
0 Likes
In response to Ralph Wessel
BenjiDev
Enthusiast

3 hours ago - last edited 3 hours ago

3 hours ago

Thanks for the answer. Yes I can trust the Add-On but the license server cannot be confident that what it receives was submited from the add-on.

 

A technical user could submit (using tools separate from the Add-On) the graphisoft user id of another user to get access to their Add-On licenses. They could also circumvent any 30 day add-on trial by sending random strings as user ids (interpreted as new users on the license server).

 

The Add-On could sign the user id before sending, but that requires distributing a private key with the Add-On. Would be nice if assurance could come from graphisoft.

 

 

 

 

 

0 Likes

Didn't find the answer?

Check other topics in this Forum

Back to Forum

Read the latest accepted solutions!

Accepted Solutions

Start a new conversation!

Create new topic