Deactivation support and improvements to Web API

The recent version of the Web API (requests contain ext) has undergone some changes. Many of the changes do not require any action to be taken, however a few do (and we will help you with that).

Here’s a list of changes that do not require any action to be taken:

  • Support for Deactivation: This week, we received a request to add the ability to de-activate keys (see the post). It’s now working! You can find out more about it in the Web API documentation. SKGL Extension will support this as soon as possible.
  • Faster Web API: Many of the changes, such as this one, are not that easy to notice. However, this change ensures that both key activation, validation and deactivation are faster than before.

Now, let’s go through the changes that might require actions to be taken:

  • Detailed Activation: Before, the platform only stored the machine code for each activation. Now, there is support for both the machine code, the IP address (can be seen in the same box) and activation date. For current users of the Web API 2.0, this means that the next time an activation is performed, the machine will be activated again. This will mostly not be noticed by the client user. However, if you are using trial activation (where the key changes), it might require you to resend the new serial key to your client.

If you would need any assistance, please either submit a question on our forum or contact us.

Some new updates in Serial Key Manager

Hi,

Last month, new functionality was added to the platform in order to facilitate the software distribution process. Here is a list of them:

Right now, we are working on a new functionality called Forms, which has the aim to simplify basic operations that are performed very often. As we are still working on it, you are encouraged to tell us what you would like us to add or change. For example, maybe you need to use a third party together with SKM in your solution. You can submit your ideas in two ways:

  1. On our Google Group
  2. Contact us directly

If you have the time, we would appreciate if you would answer a very short questionnaire (4 questions) about the way you use SKM. The last two questions allow a more detailed feedback that will allow us to improve your user experience. Thank you for taking your time!

Lastly, apart from these updates, we know that some of our users experienced downtime last month (during midnight, Stockholm time). We don’t want to have it this way. Serial Key Manager stands for quality and we are working on to make sure that this does not happen again.

Regards,

Artem Los

Lead Developer

Activation Forms – Protection of Apps without Internet Connection

For some weeks ago, we introduced the ability to include the machine code into the signed JSON result from the server during activation. It was briefly mentioned that this opens doors to secure key activation on computers without internet access. Here is a visualization of the process:

skmformssTechnically, this can be achieved using the API. However, since this is such a common procedure, why invent the wheel?

Using the Forms feature, you only need to select the product in the control panel (no need to look up uid, pid, hsum etc), and whether the machine code should be included into the activation file. A screenshot is shown below.

Screenshot (19)

Once you have set it up, you can either press the “Get Code” button to see the code that you need to add to make this work (in your application) or “Preview”. Here is how the final form will look like:

activationform

A video that illustrates the entire process can be found here.

Conclusion

The purpose of Activation Forms is to allow your customers to easily activate your software that does not have access to the internet. The solution is based on the idea of using activation files – files that contain signed key information.

Security improvements to key signing functionality

After that Web API 2.0 was announced, there have been some minor changes.

  1. A new parameter, signMid was added in the Activation method. By setting it to true, you can ensure that the machine id (set by mid) is signed also. (read more about the security advantages under SignMid)
  2. The Valid output parameter is equal to “True”, with a capital “T”, instead of “true”.
  3. The signing functionality (in both Activation and Validation methods) was fixed to make sure that signatures that the server generates can be validated by a client using the public key.

SignMid

The security advantage of using signMid is mostly relevant for applications that perform activation only once or not at all. By setting it to true, the machine code will be added to the signature (in the KeyInformation class) and thus the client app will know that it has not been modified since the last activation was performed.

This opens doors to securer key activation on computers (devices) that do not have direct connection to the Internet, for example, some computers in an enterprise. An enterprise computer does only need to provide a machine code, which is later used to get a signed key information file. If you would like to have something that facilitates the implementation of this logic, please wait several days (approx 1-2 weeks). We are currently working on a possible solution.

Application maintenance 3rd-4th January.

Yesterday, between 11 pm – 1 am Stockholm time, there was a major upgrade of the APIs in the application. This might have caused disturbances that could affect the Web API during that time. I am very sorry for that. The application is now up-to-date!

Serial Key Manager platform is updated continuously, which is very difficult to notice. However, certain times we need to upgrade vital components in order to keep Serial Key Manager secure.

Upgrade of Web API and Support for Java

The Web API that is used to perform tasks like key validation from a client computer (or a web application) has been upgraded. Here’s the description of it from the support page:

Many operations can be performed using web requests. In contrast to the previous version of the Web API, the new version aims to make all methods standardized. All requests in each method follow the same pattern in order to make it easier to go from one operation to another. Input parameters, results, and errors are well documented in the new documentation to make it easier to use the functionality in SKM on all platforms.

The new Web API requires only two methods to be implemented in the client application: one to send a request and another to decide how the result from the server should be interpreted.

In SKGL Extension API (for .NET) there are two new methods to make these operations easy.

The first method (GetParemeters) is used to send an array of parameters (see the required parameters) to the server and then record the result (another array of variables). If you are using Validation, the result will either contain variables such as the creation date or an error with a short description why it went wrong.

The second method (GetKeyInformationFromParemters) is a helper method that will, given that either an Activation or Validation request was sent, put the information into a KeyInformation so that you can continue to use the features like offline key validation (storing the information securely offline).

In order to make sure that it’s easy to implement this logic into Java, a new API is currently being developed. This API is open-source too, and it can be accessed through GitHub. The API documentation can be accessed here. For the time being, the API has one method that works similar to GetParameters.

Interact with server using API

SKGL Extension was upgraded to the new functionality available in SKM since yesterday. Apart from the fact that you can generate/activate/validate keys using web requests, you can from now list all products and also get uid, pid and hsum values without explicitly logging in through the browser.

Here are the methods that were recently added to the API:

The class that stores this information is:

NOTE: You have go through authentication using your username and password associated with your account for these methods to work.

Secure connection with SSL

From now on, all communication between you (the web interface or the client app) is protected with 256 bit encryption (AES 256 and RSA 2048) by default.

If you are using SKGL Extension API, the only thing you have to do is to upgrade to version 1.0.9.1. If you are sending customized requests (from another server or a different platform), you can simply change from http to https.

This change was performed yesterday, and there might have been short disruptions when logging in into SKM, during external key generation, key activation and validation. The secured connection is now working properly, and no more disruptions should occur.

Our goal is to continue improving the security measures in order to ensure that only you are able to access your information. If you want to find out more about the security measures, please see this article:

Access to the notes field

In the last post, there was a questionnaire about whether or not the access to the “notes” field should be given through key validation or key activation. The results of the questionnaire were mixed.

All opinions are very important for us, so, as a result, the notes field access is implemented in such a way to allow those users that want to access it being able to do so, while those users that don’t want the notes field to be exposed will be able to restrict access to it.

So, if you want to get the notes field exposed, please see this article. If you don’t, there is nothing that has to be done. Simply keep using  Serial Key Manager as you’ve always have done!

The recently released version of SKGL Extension API, v. 1.0.8.1, incorporates a new “notes” field in the KeyInformation class. The notes field is saved in the same way as creation date and other serial key features into a file during offline key validation (one time key activation with a digital signature). For those users that decide not to activate notes field access, nothing has to be done either. Serial Key Manager platform will work with 1.0.7.1 as usual.

It would be great if you find this way of implementing the access to the “notes” field is the optimal solution, but it might not be the case. If there is something you don’t like about this change or if you simply want to tell us what you think, you are warmly welcome to contact us!