🥽 Beta testers needed! Stay up to date with the latest news from CTRLS.DEV

Adding License Key Feature to Your Premium WordPress Theme or Plugin (2/3)

How to set up our API server and link up the previously created functions with our server app.

In part one of this three-part tutorial, we discussed how to add and manipulate initial license key data after user registration and payment completion.

Now let us go deep and set up our API client and show you how to link up the previously created functions with our server app.

The Setup

In part one I pointed all 3rd party libraries/middlewares we are going. to use. To set up our API client we will need Composer, the Slim PHP Framework, and Slim Basic Auth middleware. 

First, let us create the composer.json file and run “composer update” command from the terminal inside the directory with this file. This basically will download all the required packages and create the dependencies inside the vendor folder.

  "require": {
    "slim/slim": "^3.0",
    "tuupola/slim-basic-auth": "^2.0"

Note: I am using the older Slim 3 approach to create our app server but you can go to their site & see how you would do this with 4.0. http://www.slimframework.com/docs/v4/

The Structure

Before we move forward here is what should be inside your API folder. I am using a subfolder called api under my public www folder (Note: there are other methods do this, in a production environment I would have the API reside in a subdomain e.g api.example.com and your WordPress installation at example.com).

  (all other WP files and folders)

Note: vendor and composer.lock are generated when you run the composer update command, and .hataccess is not applicable to my use case with Kinsta but I wanted to include them as a reference.

Subscribe to our Newsletter* if you find our content useful and would like to receive regular updates with the latest posts.

The Code

Before I give you the code I want to mention that I am not using any API client hashing for the passwords, however, in a real-live plugin to improve security you should definitely consider hash and secure your passwords. I would recommend you take a look at the JSON Web Token middleware for Slim here https://github.com/tuupola/slim-jwt-auth.

So, let me explain the code above:

  • First, we need to load up WordPress include options.php and controllers.php and retrieve the license key data from our WordPress database.
  • Next, we need to autoload the contents from the vendor folder we set up previously with all the required libraries and middleware.
  • After that, we initializer our app and add basic authentication with error message function.
  • And the last step is to create all of our routes (inside a group) using the controller functions below.
  • And finally, we run our app.


This is a side-note about my individual case that I will explain in more detail in part three.

Note: Since I am using Kinsta and they don’t use Apache (Nginx) to create pretty URLs. I can’t use .hataccess, however, I will post an example file here as your reference.

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ index.php [QSA,L]

For Kinsta I would need to do some fancy redirection for this tutorial because we don’t have access to the Nginx config file directly.

Note: You would need to contact Kinsta‘s support to add to the above .htaccess converted into the Nginx config style. See the Slim PHP framework docs for more details about what should you set up your Nginx server. http://www.slimframework.com/docs/v3/start/web-servers.html

This is pretty much how you set up your basic API client, I won’t get into more details but you should read all the comments within the code that explain most of the code line by line.

For additional information, you should definitely take a look at the Slim user guides.


You can test your server by going to https://example.com/api/license. if you get an Auth prompt window with user and password then your server is good.

You can log in with the already added user and password but you will probably get 405 Method not allowed. Must be one of POST. Which is expected since all of our routes use the post method.

If you cancel the prompted window you should get an error like this.

{"status":"error","message":"Authentication failed"}

What’s Next?

Now we have our API client created and running. In the last part of this tutorial series, we will create the license key feature within our plugin and glue everything together.

* We have a NO SPAM policy so you won't reaceive any meaningless emails from us!

Related Content

Adding License Key Feature to Your Premium WordPress Theme or Plugin (3/3)

How to use your API server and glue everything we have done so far together.


CPT UI + Advanced Custom Fields + Front-end Data Collection Form

How to use CPT UI and ACF to setup a front-end form and collect user generated content.


How to Add a Simple Plain HTML Search with Autocomplete in WordPress

Integrate plain HTML search form and override WordPress get_search_form function.


Leave a Reply

Your email address will not be published. Required fields are marked *

Override Gutenberg Blocks & Create Gallery Modal Window
CPT UI + Advanced Custom Fields + Front-end Data Collection Form

Thank you for reading our content. Use the buttons below to spread the love and share How to Add a Simple Plain HTML Search with Autocomplete in WordPress with your followers.