Category: Announcements

Coming Plans and New Features

Dear Users,

In the past months, many things have changed. The Web API was extended with new methods (focus on statistics) and the control panel itself received some new functions. Apart from that, as some of you might have noticed, there were some down times also. In this letter, I would like to describe our plan to tackle the down times, shortly mention the new features, and finally stress that Web API 1 will be discontinued.

Downtime

I think this is quite a familiar concept to many of us; it basically means that, for some reasons, the web application is unable to respond to some or all requests. We’ve experienced several down times starting from January 2015 (3-4). Some were quite short and rarely noticeable, whilst the recent ones were quite long. The reasons varied, but many depended on the infrastructure where the application is currently stored, which is provided by another company.

For some applications, a downtime once in a while might not be of big importance. For Serial Key Manager (SKM), this is not the case. The response time of our application is a vital aspect, mainly because of the way SKM is being used. If the application is not accessible, users that depend on a valid key validation/activation will not be able to access the software.

In order to ensure that your customers are always able to work with your application, there is a series of measures that are going to be taken.

  • New servers: In the nearest time, we are going to upgrade the infrastructure. This means faster servers and reduced (if any) downtime.
  • Private hosting: This means that you will be able to host SKM on your own servers.
  • Simplified offline key validation: Since implementation of periodic key validation (even with small intervals) is a good way to enable access to the application even during a downtime, our aim is to simplify the way it is implemented. At the moment, you can read this article to get a pre-configured solution. However, the goal is to reduce this to a single method call.

If there is anything else you think we should do, please let us know here. I must admit that we’ve had constructive conversations with many SKM users these months. It’s important to keep up the friendly atmosphere where all of us can exchange ideas in order to achieve a great licensing solution! (please fill in the form to rate these ideas)

New features

Let’s now take a look at some of the new features that were added/will be added to SKM.

  • Payment Forms – a hosted payment form that will allow you to integrate the Web API together with PayPal and Stripe. A draft of the knowledge base article can be found here. The feature itself is expected to work. See an example (live).payformex
  • Web API methods
    • Get Activated Machines – list the activated machines for a given key (includes ip, machine code, time).
    • Web API Log – get the Web API log for your account, a product or a key.
  • Stats – or Analytics. It’s an easy way to get a quick overview of your account, a product or a key. Overview

Web API 1

As it was mentioned in this article, Web API will be discontinued. We’ve now removed all documentation, but the API itself is still working. Within 10 days from now, we plan to turn it off completely. If this will affect you negatively, please let us know so that we can come to a solution.

Conclusion

In this letter, we went through the strategy to decrease the impact of/reduce downtime. Later, we briefly looked at the new features (payment forms & analytics). Finally, it was stressed that Web API 1 will be discontinued soon. If anyone would have some questions, please contact us!

/Artem

Additional security for multiple products

Along with the update of SKGL Extension (see release notes), we’ve added support for signing of product id (pid), user id (uid) and activation date. These fields solve the following problem that was reported by a user:

Before, it was possible to use the same KeyInformation file (serialized by SaveKeyInformationToFile) to unlock other products (that used the same Public Key, i.e. by the same software vendor). For some, it worked out by specifying this information in the Notes field.

This change mostly affects those that use offline key validation or some sort of periodic activation with multiple products in the same account. By checking the product id during activation/validation, you can ensure that only the correct key information object is used for a given product.

In addition, the activation date is currently signed also. This means that the client user is unable to change the activation date, which ensures that activation files are only valid for a certain period of time. A tip here is to try to use the TimeCheck method.

If you would have question about the way you can take an advantageb of this security measure, please send a question on our forum.

Discontinuing Web API 1.0, Important information

The Web API 1.0, also referred to as the old API, is the first version of an API that could perform actions such as Validation and Activation. A good way to find out whether you are using this version of the API is by looking at where requests are sent. If they look similar to https://serialkeymanager.com/Key/, this is a sign of the old API. If you are using the newest version of SKGL Extension, then you are using the new version, 2.0. In this letter, we are going to look at why you should upgrade to Web API 2.0, when we plan to discontinue the old version and finally how you can get more support if you would have questions.

Why Upgrade to Web API 2.0

There are many advantages of upgrading to the newer version, some of them are going to be listed below.

  • It is actively maintained: In contrast to the old API, the new one is kept up-to-date and actively maintained. This means that you will get all important security updates and new features in the new version of the API. In addition, all of the client APIs (SKGL Extension) are configured to work with it.
  • Many new features: The new API supports new features such as deactivation, optional field (allows to have quotas), standardized input/output format and ability to perform some actions that would otherwise require you to log in into the control panel.
  • Structure and easy troubleshooting: The structure of the API methods is designed to allow you to easily see what parameters are required and what kind of information that is going to be returned. This is great especially for those of you that access the API through another environment which is currently not supported by a client API (such as SKGL Extension for .NET or Java). Moreover, if you would run into trouble, you will receive an error that makes sense. This makes it possible to easily troubleshoot errors.
  • Fast integration with Get the Code: You might have already noticed a new icon we have added in the control panel, namely </>. Once you see such icon, it means that you can get code/pre-configured requests that you can paste into your application and make it work right away.
  • Statistics implies security: Each time a method is executed (right now, we support activation, deactivation, validation, optional field), it is stored in the database. Right now, you have the ability to see the number of successful and unsuccessful requests in total, but we plan to add a better interface that will allow you to see more complex presentation of the data (which at this stage includes the date and the IP address). This implies security. The ability to know to where requests come from is a great way to prevent users from guessing the key and allow you to take measures before anything bad has happened. This is only available in Web API 2.0.
  • Faster evaluation of requests: The new API is considerably faster than the old one and is always kept updated to ensure that it can handle large number of requests.

To sum up, upgrading to the new version of the API gives you many new features. Some of them ensure that everything is safe and fast, and some that allow faster integration.

When the old Web API (1.0) is discontinued

Technically speaking, the old API is no longer supported by any client that many use to access it (such as SKGL Extension). However, those of you that did not update SKGL Extension still have access to the old API. In fact, it still works to access it and get some support on how to use it. In several months, we plan to remove support for it and eventually turn it off. Below, a time schedule of this procedure:

  • Starting from 20th of May, support pages are going to be removed as well as the documentation https://serialkeymanager.com/Key/Ext.
  • 1st of June, the Web API 1.0 will be unavailable. Note, if you still want to have access to it, please send a message directly to info (at) serialkeymanager dot com.
  • From 1st of July up to 1st of September, we plan to remove support for it entirely. There is no set date when this is going to be done in that time interval, however, it all depends on what is best for you. It could take up to the 1st of September, but ideally, it would be done already the 1st of July. In any case, we will notify you in advance.

This upgrade means that you would need to update the SKGL Extension version on your clients’ machines before the 1st of July. We have tried to make this step as easy as possible (for instance, there is already pre-configured code available in the control panel), but if you would need any assistance, please submit a question on our forum (http://support.serialkeymanager.com/forums/). Since many might have similar questions, by asking it there allows others to learn from it. We encourage everyone to try it out!

Deactivation support and improvements to Web API

The recent version of the Web API (requests contain ext) has undergone some changes. Many of the changes do not require any action to be taken, however a few do (and we will help you with that).

Here’s a list of changes that do not require any action to be taken:

  • Support for Deactivation: This week, we received a request to add the ability to de-activate keys (see the post). It’s now working! You can find out more about it in the Web API documentation. SKGL Extension will support this as soon as possible.
  • Faster Web API: Many of the changes, such as this one, are not that easy to notice. However, this change ensures that both key activation, validation and deactivation are faster than before.

Now, let’s go through the changes that might require actions to be taken:

  • Detailed Activation: Before, the platform only stored the machine code for each activation. Now, there is support for both the machine code, the IP address (can be seen in the same box) and activation date. For current users of the Web API 2.0, this means that the next time an activation is performed, the machine will be activated again. This will mostly not be noticed by the client user. However, if you are using trial activation (where the key changes), it might require you to resend the new serial key to your client.

If you would need any assistance, please either submit a question on our forum or contact us.

Some new updates in Serial Key Manager

Hi,

Last month, new functionality was added to the platform in order to facilitate the software distribution process. Here is a list of them:

Right now, we are working on a new functionality called Forms, which has the aim to simplify basic operations that are performed very often. As we are still working on it, you are encouraged to tell us what you would like us to add or change. For example, maybe you need to use a third party together with SKM in your solution. You can submit your ideas in two ways:

  1. On our Google Group
  2. Contact us directly

If you have the time, we would appreciate if you would answer a very short questionnaire (4 questions) about the way you use SKM. The last two questions allow a more detailed feedback that will allow us to improve your user experience. Thank you for taking your time!

Lastly, apart from these updates, we know that some of our users experienced downtime last month (during midnight, Stockholm time). We don’t want to have it this way. Serial Key Manager stands for quality and we are working on to make sure that this does not happen again.

Regards,

Artem Los

Lead Developer

Activation Forms – Protection of Apps without Internet Connection

For some weeks ago, we introduced the ability to include the machine code into the signed JSON result from the server during activation. It was briefly mentioned that this opens doors to secure key activation on computers without internet access. Here is a visualization of the process:

skmformssTechnically, this can be achieved using the API. However, since this is such a common procedure, why invent the wheel?

Using the Forms feature, you only need to select the product in the control panel (no need to look up uid, pid, hsum etc), and whether the machine code should be included into the activation file. A screenshot is shown below.

Screenshot (19)

Once you have set it up, you can either press the “Get Code” button to see the code that you need to add to make this work (in your application) or “Preview”. Here is how the final form will look like:

activationform

A video that illustrates the entire process can be found here.

Conclusion

The purpose of Activation Forms is to allow your customers to easily activate your software that does not have access to the internet. The solution is based on the idea of using activation files – files that contain signed key information.

Security improvements to key signing functionality

After that Web API 2.0 was announced, there have been some minor changes.

  1. A new parameter, signMid was added in the Activation method. By setting it to true, you can ensure that the machine id (set by mid) is signed also. (read more about the security advantages under SignMid)
  2. The Valid output parameter is equal to “True”, with a capital “T”, instead of “true”.
  3. The signing functionality (in both Activation and Validation methods) was fixed to make sure that signatures that the server generates can be validated by a client using the public key.

SignMid

The security advantage of using signMid is mostly relevant for applications that perform activation only once or not at all. By setting it to true, the machine code will be added to the signature (in the KeyInformation class) and thus the client app will know that it has not been modified since the last activation was performed.

This opens doors to securer key activation on computers (devices) that do not have direct connection to the Internet, for example, some computers in an enterprise. An enterprise computer does only need to provide a machine code, which is later used to get a signed key information file. If you would like to have something that facilitates the implementation of this logic, please wait several days (approx 1-2 weeks). We are currently working on a possible solution.

Application maintenance 3rd-4th January.

Yesterday, between 11 pm – 1 am Stockholm time, there was a major upgrade of the APIs in the application. This might have caused disturbances that could affect the Web API during that time. I am very sorry for that. The application is now up-to-date!

Serial Key Manager platform is updated continuously, which is very difficult to notice. However, certain times we need to upgrade vital components in order to keep Serial Key Manager secure.