Advanced Tutorials

Add License Key to Premium Theme/Plugin (2/3)

In part one of this three-part tutorial, we discussed adding and manipulating initial license key data after user registration and payment completion.

In part one of this three-part tutorial, we discussed adding and manipulating initial license key data after user registration and payment completion.

Now let us go deep and set up our API client and show you how to link the previously created functions with our server app.

The Setup

In part one, I pointed out all 3rd party libraries/middlewares we are going. To use. To set up our API client, we need Composer, the Slim PHP Framework, and Slim Basic Auth middleware. 

First, let us create the composer.json file and run the “composer update” command from the terminal inside the directory. This will basically download all the required packages and create the dependencies inside the vendor folder.

  "require": {
    "slim/slim": "^3.0",
    "tuupola/slim-basic-auth": "^2.0"

Note: I am using the older Slim 3 approach to create our app server, but you can go to their site & see how you would do this with 4.0.

The Structure

Before we move forward, here is what should be inside your API folder. I am using a subfolder called api under my public www folder (Note: there are other methods to do this, in a production environment, I would have the API reside in a subdomain, e.g., and your WordPress installation at

  (all other WP files and folders)

Note: vendor and composer. A lock is generated when you run the composer update command .hataccess does not apply to my use case with Kinsta, but I wanted to include them as a reference.

The Code

Before I give you the code, I mention that I am not using any API client hashing for the passwords. However, in a real-live plugin to improve security, you should definitely consider hash and secure your passwords. I would recommend you look at the JSON Web Token middleware for Slim here

So, let me explain the code above:

  • First, we need to load up WordPress include options.php and controllers.php and retrieve the license key data from our WordPress database.
  • Next, we need to autoload the contents from the vendor folder we set up previously with all the required libraries and middleware.
  • After that, we initializer our app and add basic authentication with error message function.
  • And the last step is to create all of our routes (inside a group) using the controller functions below.
  • And finally, we run our app.


This is a side-note about my individual case that I will explain in more detail in part three.

Note: Since I am using Kinsta, they don’t use Apache (Nginx) to create pretty URLs. I can’t use .hataccess. However, I will post an example file here as your reference.

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ index.php [QSA,L]

For Kinsta, I would need to do some fancy redirection for this tutorial because we don’t have access to the Nginx config file directly.

Note: You would need to contact Kinsta‘s support to add the above .htaccess converted into the Nginx config style. See the Slim PHP framework docs for more details about setting up your Nginx server.

This is pretty much how you set up your basic API client, I won’t get into more details, but you should read all the comments within the code that explain most of the code line by line.

For additional information, you should definitely look at the Slim user guides.


You can test your server by going to Your server is good if you get an Auth prompt window with user and password.

You can log in with the already added user and password, but you will probably get the 405 Method not allowed. It must be one of POST, which is expected since all of our routes use the post method.

If you cancel the prompted window, you should get an error like this.

{"status":"error","message":"Authentication failed"}

What’s Next?

Now we have our API client created and running. In the last part of this tutorial series, we will create the license key feature within our plugin and glue everything together.

‘Til the next one.

By Krasen Slavov

WordPress theme and plugin developer, blogger, ultra-distance runner, and mountain lover.

Leave a Reply

Your email address will not be published. Required fields are marked *