Adding License Key Feature to Your Premium WordPress Theme or Plugin (2/3)

How to set up our API server and link up the previously created functions with our server app.

In part one of this three-part tutorial, we discussed how to add and manipulate initial license key data after user registration and payment completion.

Now let us go deep and set up our API client and show you how to link up the previously created functions with our server app.

The Setup

In part one I pointed all 3rd party libraries/middlewares we are going. to use. To set up our API client we will need Composer, the Slim PHP Framework, and Slim Basic Auth middleware. 

First, let us create the composer.json file and run “composer update” command from the terminal inside the directory with this file. This basically will download all the required packages and create the dependencies inside the vendor folder.

  "require": {
    "slim/slim": "^3.0",
    "tuupola/slim-basic-auth": "^2.0"

Note: I am using the older Slim 3 approach to create our app server but you can go to their site & see how you would do this with 4.0.

The Structure

Before we move forward here is what should be inside your API folder. I am using a subfolder called api under my public www folder (Note: there are other methods do this, in a production environment I would have the API reside in a subdomain e.g and your WordPress installation at

  (all other WP files and folders)

Note: vendor and composer.lock are generated when you run the composer update command, and .hataccess is not applicable to my use case with Kinsta but I wanted to include them as a reference.

Subscribe to our Newsletter* if you find our content useful and would like to receive regular updates with the latest posts.

The Code

Before I give you the code I want to mention that I am not using any API client hashing for the passwords, however, in a real-live plugin to improve security you should definitely consider hash and secure your passwords. I would recommend you take a look at the JSON Web Token middleware for Slim here

So, let me explain the code above:

  • First, we need to load up WordPress include options.php and controllers.php and retrieve the license key data from our WordPress database.
  • Next, we need to autoload the contents from the vendor folder we set up previously with all the required libraries and middleware.
  • After that, we initializer our app and add basic authentication with error message function.
  • And the last step is to create all of our routes (inside a group) using the controller functions below.
  • And finally, we run our app.


This is a side-note about my individual case that I will explain in more detail in part three.

Note: Since I am using Kinsta and they don’t use Apache (Nginx) to create pretty URLs. I can’t use .hataccess, however, I will post an example file here as your reference.

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ index.php [QSA,L]

For Kinsta I would need to do some fancy redirection for this tutorial because we don’t have access to the Nginx config file directly.

Note: You would need to contact Kinsta‘s support to add to the above .htaccess converted into the Nginx config style. See the Slim PHP framework docs for more details about what should you set up your Nginx server.

This is pretty much how you set up your basic API client, I won’t get into more details but you should read all the comments within the code that explain most of the code line by line.

For additional information, you should definitely take a look at the Slim user guides.


You can test your server by going to if you get an Auth prompt window with user and password then your server is good.

You can log in with the already added user and password but you will probably get 405 Method not allowed. Must be one of POST. Which is expected since all of our routes use the post method.

If you cancel the prompted window you should get an error like this.

{"status":"error","message":"Authentication failed"}

What’s Next?

Now we have our API client created and running. In the last part of this tutorial series, we will create the license key feature within our plugin and glue everything together.

* We have a NO SPAM policy so you won't reaceive any meaningless emails from us!

Related Content

Adding License Key Feature to Your Premium WordPress Theme or Plugin (3/3)

How to use your API server and glue everything we have done so far together.


Adding License Key Feature to Your Premium WordPress Theme or Plugin (1/3)

In this three-part tutorial, I will show you how you can set up, create and add license key functionality with authentication for your premium theme or plugin.


Create Gutenberg Blocks with ACF 5.8+ PRO

How to register and customize Gutenberg blocks with the Advanced Custom Fields plugin (no JavaScript needed)


Leave a Reply

Your email address will not be published. Required fields are marked *

CPT UI + Advanced Custom Fields + Front-end Data Collection Form

Thank you for reading our content. Use the buttons below to spread the love and share Create Gutenberg Blocks with ACF 5.8+ PRO with your followers.