Along with the update of SKGL Extension (see release notes), we’ve added support for signing of product id (pid), user id (uid) and activation date. These fields solve the following problem that was reported by a user:
Before, it was possible to use the same KeyInformation file (serialized by SaveKeyInformationToFile) to unlock other products (that used the same Public Key, i.e. by the same software vendor). For some, it worked out by specifying this information in the Notes field.
This change mostly affects those that use offline key validation or some sort of periodic activation with multiple products in the same account. By checking the product id during activation/validation, you can ensure that only the correct key information object is used for a given product.
In addition, the activation date is currently signed also. This means that the client user is unable to change the activation date, which ensures that activation files are only valid for a certain period of time. A tip here is to try to use the TimeCheck method.
If you would have question about the way you can take an advantageb of this security measure, please send a question on our forum.
The Web API 1.0, also referred to as the old API, is the first version of an API that could perform actions such as Validation and Activation. A good way to find out whether you are using this version of the API is by looking at where requests are sent. If they look similar to https://serialkeymanager.com/Key/, this is a sign of the old API. If you are using the newest version of SKGL Extension, then you are using the new version, 2.0. In this letter, we are going to look at why you should upgrade to Web API 2.0, when we plan to discontinue the old version and finally how you can get more support if you would have questions.
Why Upgrade to Web API 2.0
There are many advantages of upgrading to the newer version, some of them are going to be listed below.
- It is actively maintained: In contrast to the old API, the new one is kept up-to-date and actively maintained. This means that you will get all important security updates and new features in the new version of the API. In addition, all of the client APIs (SKGL Extension) are configured to work with it.
- Many new features: The new API supports new features such as deactivation, optional field (allows to have quotas), standardized input/output format and ability to perform some actions that would otherwise require you to log in into the control panel.
- Structure and easy troubleshooting: The structure of the API methods is designed to allow you to easily see what parameters are required and what kind of information that is going to be returned. This is great especially for those of you that access the API through another environment which is currently not supported by a client API (such as SKGL Extension for .NET or Java). Moreover, if you would run into trouble, you will receive an error that makes sense. This makes it possible to easily troubleshoot errors.
- Fast integration with Get the Code: You might have already noticed a new icon we have added in the control panel, namely </>. Once you see such icon, it means that you can get code/pre-configured requests that you can paste into your application and make it work right away.
- Statistics implies security: Each time a method is executed (right now, we support activation, deactivation, validation, optional field), it is stored in the database. Right now, you have the ability to see the number of successful and unsuccessful requests in total, but we plan to add a better interface that will allow you to see more complex presentation of the data (which at this stage includes the date and the IP address). This implies security. The ability to know to where requests come from is a great way to prevent users from guessing the key and allow you to take measures before anything bad has happened. This is only available in Web API 2.0.
- Faster evaluation of requests: The new API is considerably faster than the old one and is always kept updated to ensure that it can handle large number of requests.
To sum up, upgrading to the new version of the API gives you many new features. Some of them ensure that everything is safe and fast, and some that allow faster integration.
When the old Web API (1.0) is discontinued
Technically speaking, the old API is no longer supported by any client that many use to access it (such as SKGL Extension). However, those of you that did not update SKGL Extension still have access to the old API. In fact, it still works to access it and get some support on how to use it. In several months, we plan to remove support for it and eventually turn it off. Below, a time schedule of this procedure:
- Starting from 20th of May, support pages are going to be removed as well as the documentation https://serialkeymanager.com/Key/Ext.
- 1st of June, the Web API 1.0 will be unavailable. Note, if you still want to have access to it, please send a message directly to info (at) serialkeymanager dot com.
- From 1st of July up to 1st of September, we plan to remove support for it entirely. There is no set date when this is going to be done in that time interval, however, it all depends on what is best for you. It could take up to the 1st of September, but ideally, it would be done already the 1st of July. In any case, we will notify you in advance.
This upgrade means that you would need to update the SKGL Extension version on your clients’ machines before the 1st of July. We have tried to make this step as easy as possible (for instance, there is already pre-configured code available in the control panel), but if you would need any assistance, please submit a question on our forum (http://support.serialkeymanager.com/forums/). Since many might have similar questions, by asking it there allows others to learn from it. We encourage everyone to try it out!
The recent version of the Web API (requests contain ext) has undergone some changes. Many of the changes do not require any action to be taken, however a few do (and we will help you with that).
Here’s a list of changes that do not require any action to be taken:
- Support for Deactivation: This week, we received a request to add the ability to de-activate keys (see the post). It’s now working! You can find out more about it in the Web API documentation. SKGL Extension will support this as soon as possible.
- Faster Web API: Many of the changes, such as this one, are not that easy to notice. However, this change ensures that both key activation, validation and deactivation are faster than before.
Now, let’s go through the changes that might require actions to be taken:
- Detailed Activation: Before, the platform only stored the machine code for each activation. Now, there is support for both the machine code, the IP address (can be seen in the same box) and activation date. For current users of the Web API 2.0, this means that the next time an activation is performed, the machine will be activated again. This will mostly not be noticed by the client user. However, if you are using trial activation (where the key changes), it might require you to resend the new serial key to your client.
If you would need any assistance, please either submit a question on our forum or contact us.
Last month, new functionality was added to the platform in order to facilitate the software distribution process. Here is a list of them:
Right now, we are working on a new functionality called Forms, which has the aim to simplify basic operations that are performed very often. As we are still working on it, you are encouraged to tell us what you would like us to add or change. For example, maybe you need to use a third party together with SKM in your solution. You can submit your ideas in two ways:
- On our Google Group
- Contact us directly
If you have the time, we would appreciate if you would answer a very short questionnaire (4 questions) about the way you use SKM. The last two questions allow a more detailed feedback that will allow us to improve your user experience. Thank you for taking your time!
Lastly, apart from these updates, we know that some of our users experienced downtime last month (during midnight, Stockholm time). We don’t want to have it this way. Serial Key Manager stands for quality and we are working on to make sure that this does not happen again.
For some weeks ago, we introduced the ability to include the machine code into the signed JSON result from the server during activation. It was briefly mentioned that this opens doors to secure key activation on computers without internet access. Here is a visualization of the process:
Technically, this can be achieved using the API. However, since this is such a common procedure, why invent the wheel?
Using the Forms feature, you only need to select the product in the control panel (no need to look up uid, pid, hsum etc), and whether the machine code should be included into the activation file. A screenshot is shown below.
Once you have set it up, you can either press the “Get Code” button to see the code that you need to add to make this work (in your application) or “Preview”. Here is how the final form will look like:
A video that illustrates the entire process can be found here.
The purpose of Activation Forms is to allow your customers to easily activate your software that does not have access to the internet. The solution is based on the idea of using activation files – files that contain signed key information.
After that Web API 2.0 was announced, there have been some minor changes.
- A new parameter, signMid was added in the Activation method. By setting it to true, you can ensure that the machine id (set by mid) is signed also. (read more about the security advantages under SignMid)
- The Valid output parameter is equal to “True”, with a capital “T”, instead of “true”.
- The signing functionality (in both Activation and Validation methods) was fixed to make sure that signatures that the server generates can be validated by a client using the public key.
The security advantage of using signMid is mostly relevant for applications that perform activation only once or not at all. By setting it to true, the machine code will be added to the signature (in the KeyInformation class) and thus the client app will know that it has not been modified since the last activation was performed.
This opens doors to securer key activation on computers (devices) that do not have direct connection to the Internet, for example, some computers in an enterprise. An enterprise computer does only need to provide a machine code, which is later used to get a signed key information file. If you would like to have something that facilitates the implementation of this logic, please wait several days (approx 1-2 weeks). We are currently working on a possible solution.
Yesterday, between 11 pm – 1 am Stockholm time, there was a major upgrade of the APIs in the application. This might have caused disturbances that could affect the Web API during that time. I am very sorry for that. The application is now up-to-date!
Serial Key Manager platform is updated continuously, which is very difficult to notice. However, certain times we need to upgrade vital components in order to keep Serial Key Manager secure.
The Web API that is used to perform tasks like key validation from a client computer (or a web application) has been upgraded. Here’s the description of it from the support page:
Many operations can be performed using web requests. In contrast to the previous version of the Web API, the new version aims to make all methods standardized. All requests in each method follow the same pattern in order to make it easier to go from one operation to another. Input parameters, results, and errors are well documented in the new documentation to make it easier to use the functionality in SKM on all platforms.
The new Web API requires only two methods to be implemented in the client application: one to send a request and another to decide how the result from the server should be interpreted.
In SKGL Extension API (for .NET) there are two new methods to make these operations easy.
The first method (GetParemeters) is used to send an array of parameters (see the required parameters) to the server and then record the result (another array of variables). If you are using Validation, the result will either contain variables such as the creation date or an error with a short description why it went wrong.
The second method (GetKeyInformationFromParemters) is a helper method that will, given that either an Activation or Validation request was sent, put the information into a KeyInformation so that you can continue to use the features like offline key validation (storing the information securely offline).
In order to make sure that it’s easy to implement this logic into Java, a new API is currently being developed. This API is open-source too, and it can be accessed through GitHub. The API documentation can be accessed here. For the time being, the API has one method that works similar to GetParameters.
SKGL Extension was upgraded to the new functionality available in SKM since yesterday. Apart from the fact that you can generate/activate/validate keys using web requests, you can from now list all products and also get uid, pid and hsum values without explicitly logging in through the browser.
Here are the methods that were recently added to the API:
The class that stores this information is:
NOTE: You have go through authentication using your username and password associated with your account for these methods to work.