The last time I wrote commercial software, I knew it was a niche product and I generated my own license codes and tied them to email addresses. And since my app was used in conjunction with another vendor’s app, they sold it on their site.
But I have a new app that I’d like to distribute for the Mac on the App Store, and then make a mobile version for the App Store. When I search here for license management ideas, it looks like the entries are older, and I’m interested to discover what you all are using and recommend.
One half is a Web App that acts as the online activation handler as well as a GUI for managing customers, licenses, and integrations with Stripe and FastSpring. The web app receives notifications from payment processors and will automatically issue license keys.
The other half is a drop-in DRM module for your Desktop application. After setting up a product in the Web App, you download a pre-configured Xojo project containing the DRM module with everything ready to go. It really is as easy as drag and drop into your project, then checking if TPLM.IsActivated.
Due to the scale and complexity of the project, purchasing it is a very one-on-one experience. There is more information on my website, but if you’d like to try out a demo or schedule a Zoom to discuss your needs, reach out by email and we’ll make sure TPLM is right for you together. My email address is support@strawberrysw.com
If you distribute by Mac App Store, you are prohibited from using your own DRM. You must use Apple’s tooling or they will reject your application.
In the past Fastspring was good. I have had some not so good interactions with them in the last 2 years or so. For a while their email check was very aggressive. This is now better. But they have a 150 $ b.u.l.l.s.h.i.t fee to “verify” a vendor in spite of them doing my taxes for the last 10 years FFS. If the vendor doesn’t bring them enough money the fee is supposed to be paid every year. At least they pay on time.
Thanks for the info, Tim.
So this makes it sound like if I want to sell a version to my own clients, I would need two versions of the app, one to sell through the Apple Store and one to sell myself. Am I interpreting that correctly?
It sounds like you’re very well knowledgeable about the topic, so I hope you’ll let me ask another question or two. For the version that’s sold on the Apple Store, is there any code that has to be added to the app to incorporate Apple’s DRM? In other words, I haven’t thought about trying this, but if I buy an app for my laptop on the Apple Store, does Apple does the Apple Store add something to the app that prevents me from handing out copies of the executable? It seems like I would have to include that in the programming somehow. Or is that something Xojo adds when I compile the app and submit it Apple?
I sell software that uses my own licencing, outside the App Store.
Each customer gets their own serial.
When you sell via the App store, you never know who has bought, and you cannot contact them with a serial number of your own.
Whats more, Apple will happily give away copies to people who are in the purchaser’s “Family”
‘if I buy an app for my laptop on the Apple Store, does the Apple Store add something to the app that prevents me from handing out copies of the executable’
There is an Apple method for determining if a purchase is valid, usually used for ‘add-in’ content.
MBS has libraries that can help with that.
No. You have to write code to validate the purchase through Apple or the app will just run. Not every developer does. Some out of personal choice as DRM-free is a selling point in some markets, others choose to simply not invest the time.
So you may do the Mac App Store and use MBS Plugins for in-app purchases. Or do you prefer a purchase before download? Most applications are now free to download with in-app purchase.
If you also sell on the website, you have two apps. And it is up to you to implement whatever licensing scheme you like. A convenient way is to have people receive an email with a link containing the serial and using an URL scheme to open the app right from the email.
To collect money yourself, you need to pick a Merchant of Record, so you don’t need to handle VAT and sales tax yourself. It is convenience for you. I use FastSpring for over 10 years without problems. And I use Verifone / 2checkout. My previous MOR MyCommerce filed for bankruptcy and I probably loose 3.5 months of revenue there. So pick wisely and have multiple sales channels.
I can wholeheartedly endorse @Tim_Parnell 's TPLM. It’s fantastic and I couldn’t even tell you how many hours it has saved me from rolling my own solution. It’s also great that it does server-based activation. Prior to that I was using my own cryptography based methods which is fine but leaves you vulnerable to keygens and such. His support has also been excellent, with prompt replies to all questions and even feature requests have been earnestly accepted and implemented.
If you go this way I’d recommend using Stripe to handle your payments.
The control I built for my last app was very effective, but I was generating my own license codes with an Excel formula and sending the code to purchasers within 24 hours by email. That was fine when I had an app that I only expect about 100 sales of.
When I get this app closer to being ready, I’ll be back to check on TPLM, FastSpring, and how to implement whatever code Apple needs to integrate with the App Store. I followed the link to the article which warns not to use verifyReceipt. Is there a post or article anywhere that documents the steps any developer has followed to implement this integration?
FWW Claude wrote a very advanced way to create and verify license keys for me. It even uses your own methods that are needed for the your app itself but alters them to also check the license keys. It’s kinda hard to reverse engineer it (but possible). So even patching the app breaks the app. Kinda cool.
And all it took was asking Clause to create the code.
Below info Claude wrote (besides the code of course).
If needed, you can ask Clause to add a way to check the serial online too. Just ask it.
Key Security Features:
AES-256 Encryption - The customer email and other data are encrypted using AES
HMAC Verification - Prevents tampering with the serial number
Timestamp Inclusion - Prevents replay attacks and allows expiration
Base32 Encoding - User-friendly format that’s easy to type
Var valid As Boolean = manager.VerifySerial(serial, “customer@example.com”, “1.0”)
The generated serials will look like: ABCDE-FGHIJ-KLMNO-PQRST-UVWXY
This system makes it extremely difficult for pirates to:
Generate valid serials without your keys
Modify existing serials
Use serials with different email addresses
Create serials for different product versions
For maximum security, consider storing the encryption keys on a secure server and validating serials online rather than embedding keys in your application.
With the Web source code package you run the activation server web app yourself. I provide the source code in case you wish to make modifications, but there’s also a pre-built binary for convenience.
The only cost is your web server. (not any kind of monthly licensing fees)
