How to let customers download software automatically after payment through a website?

I have a company that will be selling software online, and I'd like for customers to be able to pay online and then just click on a "Download Now" button and download the software automatically, without me or someone else from the company having to email the software program to the person.

Is there a site or device that I could use to do this?

Thank you!

Software Website Selling

asked Jan 14 '11 at 12:42

User6492
1,747 points

Top digital marketing agency for SEO, content marketing, and PR: Demand Roll

8 Answers

This is a good question, but I think you shouldn't limit the download of your app.

Why you shouldn't limit the download of your app

The reason you shouldn't limit the download of your app is that if you do you'll increase the amount of stolen credit cards being used to purchase your program. Thieves will be thieves. Limiting your app to "paying" customers won't stop a thief from buying 5000 stolen credit cards for $10 and running through the list until they get one that works.

If you have the download readily available then it will be fly paper for the thieves; they'll try to steal your app through normal reverse engineering means. You'll get less orders from stolen credit cards, thus you'll save money on the inevitable chargebacks once the victim realized they've had their credit card number stolen. Plus, hiding your software behind a private link is a hassle for legit users. Don't piss off your customers.

If you're keeping the download link private for renewal purposes (e.g. they can only update for a year), then you're better off solving this with licensing. The way you can do it in LimeLM is by using custom license features -- we have a full example that shows how to limit updates via licensing.

How to deliver product keys to your users

Delivering the product to your user (whether a download location or a product key) is dependent on a couple of factors:

The licensing you use
The payment platform you use

Most payment providers have ways of calling a script on your website to let you know a sale has been made. For example, using PayPal's IPN (Instant Payment Notification) can call a script on your website and from that script you can generate a serial then send your new customer an email with the product download site and serial number.

We actually have a full PayPal payment example written for PHP and ASP.NET (C# and VB.NET) that automates the entire process. It uses the PayPal IPN alongside our LimeLM web API to process the order, generate the product key on the fly, then email the user. So a user can start using the fully registered version of your software seconds after their order is processed.

If you update your question with the payment platform you use then we can point you to the right API or example code to use.

Lastly, if you're determined to keep your installer to customers only (even despite my advice not to), then you can do it with a simple script. Just pass the new customer's product key as a parameter to a script. For example: http://example.com/latest-installer.php?pkey=ABCD-EFGH-IJKL-MNOP-QRSTU Here's an ASP.NET C# snippet of what the script would look like:

//TODO: verify the product key is valid, if not show an error and bail out

//if the pkey is valid, deliver the latest installer:

Response.Clear();

// download the file and bail

Response.AddHeader("Content-Description", "File Transfer");

Response.ContentType = "application/octet-stream";

Response.AddHeader("Content-Disposition", "attachment; filename=" + Path.GetFileName(installerFile));

Response.AddHeader("Content-Transfer-Encoding", "binary");

Response.AddHeader("Expires", "0");

Response.AddHeader("Cache-Control", "must-revalidate, post-check=0, pre-check=0");

Response.AddHeader("Pragma", "public");

Response.AddHeader("Content-Length", new FileInfo(installerFile).Length.ToString());

// output the file

Response.WriteFile(installerFile);

Response.End();

Here's what the same snippet would look like in PHP:

//TODO: verify the product key is valid, if not show an error and bail out

//if the pkey is valid, deliver the latest installer:

header('Content-Description: File Transfer');

header('Content-Type: application/octet-stream');

header('Content-Disposition: attachment; filename='.$installerFilename.';');

header('Content-Transfer-Encoding: binary');

header('Expires: 0');

header('Cache-Control: must-revalidate, post-check=0, pre-check=0');

header('Pragma: public');

header('Content-Length: ' . filesize($installerFullPath));

ob_clean();

flush();

readfile($installerFullPath);

exit;

answered Jan 14 '11 at 21:51

Wyatt O'day
964 points

This is great- thank you very very much, I really appreciate it! – User6492 14 years ago
I'm confused. Who in their right mind would use a list of 5,000 credit cards to steal a $10 piece of software? I think when he means stealing, he means sharing the download link with friends. Am I missing something? – Alex Cook 14 years ago
Alex, "buying 5000 stolen credit cards for $10" means the thief bought a list of credit cards for $10 (not that the price of the software was $10). As shocking as that may seem, that's how stolen credit card numbers are sold (and resold): in large batches for low prices. – Wyatt O'day 14 years ago

There are companies that provide this service; sorry I can't personally recommend any beyond a Google search.

You can ask the question on Stackoverflow.com to get technical expertise.

Your software can require a key that you provide in an email without sending the entire app.

You can create a hidden page on your site with the download link.

Ideally, you send an email with a GUID that is a parameter on a page that has to be verified with the client record. After the client connects to this page, you can set a flag on the record that prevents them from accessing this page again.

If someone can download a file and install on their computer, what is to prevent them from giving the file to someone else for free? EReader uses the credit card number of the buyer to register a book. Not too many people would want to give this out to people they want to use the software for free.

answered Jan 14 '11 at 13:05

Jeff O
6,169 points

There are plenty of licensing services and products that will do this. You can also write your own - I made a PayPal payment interface script that did exactly what you are asking about.

I would not recommend writing your own though - it is a hassle and there are better things to spend your time and efforts on.

answered Jan 14 '11 at 14:16

Tim J
8,346 points

I would recommend PayPro, an end-to-end eCommerce solution that is optimized to sell software online. PayPro offers a variety of payment options for online shoppers. Your order pages can be completely customized to match your website design and make customers feel confident while purchasing. Confirmation emails can be also customized and include a link to download a product – it is sent automatically after purchase is successfully completed. PayPro provides a reliable fraud detection system preventing fraudulent orders without impeding valid orders. They have friendly and very responsive support for vendors and shoppers.

answered Feb 9 '11 at 20:37

Natalie
11 points

I use DPD. They provide functionality to deliver activation keys so will be suitable for software.

E-junkie is a popular option but I had a problem with getting discounts working with them, and their user interface is subpar.

answered Jan 14 '11 at 14:15

Alex Aotea Studios
665 points

I have a simple technique that we use for secure PDFs. You put the file in a directory that is not browse-able from the general internet traffic. You then grant your web app permission to pull the file and then resend the file to the browser. If they are not authenticated the way you want, they can't reach that download.

Of course, I think some sort of "key system" where one download can only be installed X times might also be helpful.

answered Jan 15 '11 at 05:59

Scott
468 points

If you try to secure the download, how can you stop duplication. My answer was to limit the licence. Let them copy the software all they want, but lock down the usage. I used the rainbow technologies dongle. The updates were simple and unfettered while the licence was tied to the hardware.

answered Jan 17 '11 at 15:10

Dave
101 points

For years I have been using the free version of Locked Area (locked-area.com) for this purpose.

All you have to do is download the Locked Area files.

Follow the instructions they provide for setting everything up.

You will set up files in cgi_bin, and also create a members directory in your public_html.

Once you follow all the steps and install Locked Area it will automatically password protect your members directory, and you will have a registration link.

This registration link is what is sent to your customers after they make a purchase.

It is a registration form where they create a username and password so they can enter your protected members area.

The members area is where you have your download.

No one can enter that area unless they create a username and password through your registration form.

You can rename the registration form file to something else so people won't be able to guess it.

As people buy your download and create the username and password their email address is added to your Locked Area Admin panel so if you ever have to send out mass emails, then you can email just one email from within your Locked Area Admin panel and it will be sent to all your customers automatically.

Just be sure to follow the instructions on how to get all setup, and you can customize your registration form etc. from within your Locked Area Admin panel etc.

answered Nov 30 '13 at 09:40

Mooba
1 point