Skip to main content
Participant
October 18, 2021
Question

CEP Api to retrieve whether Plugin has been purchased

  • October 18, 2021
  • 1 reply
  • 666 views

We are currently planning on developing a Premiere Pro extension that we would like to commercialize through the Adobe Exchange marketplace. 

 

As CEP extensions are just put in the "CEP\extensions\" folder our users could just copy paste the extension after purchasing it and share it on the internet. For that reason we would like to retieve a list of extensions the logged-in user purchased to make sure that the user is owning the extension. Obviously this won't stop piracy but it'll make it a lot more difficult. 

 

Is there such an api? How are other developers who are selling their extensions through the Adobe Exchange marketplace solving this issue?

 

Thanks a lot in advance,

Chris

This topic has been closed for replies.

1 reply

erinferinferinf
Adobe Employee
Adobe Employee
October 19, 2021

So, the ZXP signing process that you'll need to do to distribute on the Exchange does have safeguards. There is an authentication check on install to make sure that the user is entitled to the plugin.

 

Some developers, wary that copying and pasting is still possible, also take steps to minify the JavaScript, so it's at least a little harder to pirate.

 

I'll quote another thread here:

 
quote

You may find the following blogposts from @DavideBarranca helpful – or at least interesting:

 

HTML Panel Tips #22: Protecting your Code

Partial Serial Number Verification System in Javascript


By @Stephen Marsh

 

 

Participant
October 22, 2021

Hi erinferinferinf thank you for that interesting insight,

quote
There is an authentication check on install to make sure that the user is entitled to the plugin.
By @erinferinferinf

 

I've just tried to test this by downloading an extension from the exchange marketplace on PC1 (user1 is logged in) then going to C:\Program Files (x86)\Common Files\Adobe\CEP\extensions from where I've copied the extension folder. I've pasted it in C:\Program Files (x86)\Common Files\Adobe\CEP\extensions on PC2 (user2 logged in).

 

As PC2 was not connected to the internet and user2 never aquired the plugin my expectation would be that the plugin cannot be used as user2 should not be entitled to the plugin. However the copy-pasted plugin from PC1 worked well on PC2.

 

We are not much concerned about users decompiling the code and the JavaScript is already minified while also using JSXbin to obscure the JSX logic. What we are conscerned about though, is the fact that pirating the extension is way to easy. Companies or users purchasing our extension could just purchase the plugin once on one PC and copy / paste it to all of their other PCs.

 

The link you've provided is a great read but It made me think that we might've been working under the wront assumption until now. We assumed that the workflow for users purchasing an extension would be:

  1. User purchases extension through Adobe Marketplace
  2. User installs purchased extensions
  3. User can get started using the purchased extension.

 

However reading between the lines of your response I get the feeling that the workflow to protect the extension would rather be:

  1. Users purchase extension through Adobe Marketplace;
  2. Users install extension
  3. Extension shows message that serial is required
  4. Developer has to wait for fastspring / adobe marketplace to inform about the purchase
  5. Developer has to send a serial to the user
  6. Users have to wait for serial to start using the extension
erinferinferinf
Adobe Employee
Adobe Employee
October 28, 2021

So, what I'm hearing is, you don't want user to be able to copy and paste a plugin from one machine to another. Lots of developers share that concern!

 

I'm surprised your experiment worked. Do you have debug mode turned on? I would think that user2 ought not be able to use the plugin, if it originated from the Adobe Marketplace. Did you log out of the Creative Cloud Desktop app? Which version of Creative Cloud Desktop App do you have installed?

 

If you log on to the internet on PC2 with user2, with user2 logged into the Creative Cloud Desktop App, and then try to run the extension, what happens?

 

So in most cases, I think your first outlined scenario above (1. Purchase, 2. Install, 3. Use) is expected and how it usually works.

 

The second scenario is closer to what some developers do, but I don't think that's quite how it works. In my experience it's more like this:

 

  1. Users purchase extension outside the Adobe Marketplace, from Gumroad or another marketplace;
  2. Developer uses an automated service to send a serial number to the user, often via email, with installation instructions
  3. Users install extension
  4. Extension shows message that serial is required
  5. The user pastes in the serial number the developer provided via Gumroad

 

The current plugin Marketplace does not provide serial numbers, as is my understanding, so some developers don't use our Marketplace because they want that option, and not just because of piracy concerns. Adobe does not provide user contact information. For some developers, being able to collect an email address at the time of purchase is essential, so they can email users about updates or bug fixes. (Some developers may collect contact information after purchase, I think, from within the panel.)