A former community discussing the business of software, from the smallest shareware operation to Microsoft. A part of Joel on Software.
We're closed, folks!
Doug Nebeker ("Doug")
Check out this charming email I received this morning:
As you all know, I do have a full-time day job, but luckily I had planned for this situation and was able to generate his license key from my iPhone at work during a break, and email it to him within an hour of getting his mail.
He is the first of 14 buyers to send such an email -- the other 13 were happy to wait for the code (no more than 8 hours). My website does state in its FAQ that codes are not immediate, and can take up to 12 hours to be delivered. This guy is a fellow Aussie like me: seems we're an impatient bunch! :)
Now, obviously it's better to generate the license on-the-fly, so what would be the best way to do this? My codes are very basic: not hardware-locked (by design as I don't like that myself), and include an MD5 hash of their details + salt. Not secure if anyone cracks my apps, but it's working okay so far.
I'm wondering if PayPal can generate such licenses if I give them an algo? I couldn't see anything at their website. Or does FastSpring or other merchants offer such a service? Thanks!
I've just noticed that this guy has posted a negative review on my Facebook page warning others to stay away from my business because we don't send license codes and emails are "ignored". What a tosser! I replied stating that his code was emailed to him earlier today and to please check it. Is that all I should do? I can't delete his post. :(
Every payment processor specialized in software has multiple ways to generate licenses for you: FastSpring, Avangate, ShareIt... They all support license generator on your server hit using HTTP. ShareIt can also host key generator on their server, I'm not sure about others.
Yes, payment processors support this of course. See their documentation or support to find a solution.
I also expect to receive licenses instantly. Many customers also do. This is the most crucial part of your order process, it MUST work reliably and instantly. Believe me. I had to refund a few purchases for not being fulfilled instantly due do some error - lost email, bug in my order or delivery process, manual screening on the vendor's part, etc.
Here's how I do it.
Customer purchases a license via PayPal or FastSpring. Both vendors are able to post a HTTP call to my website when a purchase (or refund) happens. So this is what I do: I have a php script set up to handle this callback and insert/update the buyer and transaction data in my customer database. This script also generates an email and sends it to the customer (and notifies me too). This email contains information necessary to obtain the licensed product. In my case it's just a download link. PayPal can redirect the browser upon purchase to the personalized download page (unless they close it, so it's not fool proof).
I have no license keys, the licensed installer is a separate build, basically I have no DRM. I send out a unique URL pointing to a personalized download page (the download is also personalized, the customer name is embedded in the installer).
Users can also print the invoice here in this page.
I send out the license even if the payment is still pending (for example eCheck or wire transfer).
I have an account recovery link on the registration page. Enter a valid customer email and then
1) have your license URL resent to the email address or
2) get redirected to the licensed URL if the licensed download has not been downloaded yet.
It's all robust and automated. You can gain instant access even if your registration email has been lost to a stupid spam filter. Which happens all the time with hotmail boxes... Damn crappy hotmail.
Delivery related losses/refunds are down to zero since I have the recovery system in place. I had to intervene only once to solve a lost email issue when the customer failed to discover the account recovery page.
Thanks for the info, Zka.
I'm not really sure how I'd get PayPal to fulfill my specific license type, but your info gave me an alternate idea: PayPal can surely just send them a temp license (valid for 7 days) via email? The user can then use that until I get home to fulfill it with their "real" license.
As for his libelous Facebook review, I just deleted the page to get rid of it. It was only a placeholder page anyway, with only 10 "likes" from family members, and I never really used it much (aside from some brief toying with Facebook Ads, which achieved nothing). I bet he felt great leaving that review, but I felt even better removing the page! :) It's something he wouldn't expect.
Don't delete the facebook page, just turn off comments for the wall or how is it called. They can still message the page if they need support, but can't write any idiocy publicly.
Temp license is a good workaround, but you can get the best results by generating and sending out licenses in the HTTP callback.
> but you can get the best results by generating and
> sending out licenses in the HTTP callback.
Read that again! That's exactly right -- there really isn't any good reason that you should have to get involved. You don't scale. You might get sick. You might want to go on vacation. Get it automated -- it's not hard, and the effort you put in now will save you hours over the next number of years.
I hate to say it but if you are going to sell a lot of software, especially to consumers (and I hope you do!) then you are going to have to toughen up a bit. I wouldn't even put that email in the "mildly offensive" category compared to some I have received! And, of course, 99% of the time it won't be your fault.
My tactic in these situations, FWIW, is to be incredibly polite - partly in the hope (I have to admit) that is p!sses them off even more..
PSB136, I just want to say that your posts really make me smile. I love your enthusiasm, and I hope that you keep it up!
Wednesday, June 17, 2015
I recall reading that people are 4x more willing to spend their time spreading negative information about a product. But I think the long term solution is to encourage happy customers to share their happiness with the world. Shutting off the unhappy ones is not a productive use of your time and can backfire. (It should go without saying that improving your product and process should have top priority.)
As a person, I do not trust products and services that appear to have dozens of all-five-star reviews. There must be unhappy customers. At the same time, I do my best to dismiss non-constructive negative reviews. If a customer explains what exactly they did not like about a product or service, I can judge whether that particular aspect is important for me. Exception: if the vendor fights such reviews back, esp. with canned responses, it goes off the shortlist immediately.
Wednesday, June 17, 2015
I was totally professional and polite with my reply to his email demand. I was also nice (but to the point) when I responded to his negative Facebook review. I basically said:
"Hi, your license was emailed at HH:MM and I also sent an email follow-up later that day. I've not heard back from you yet, so I can only assume all is well?"
I think that says it all to anyone who may stumble upon his review. :)
As for getting thicker skin, yes, I will. I'm still new to this. Only started selling in January (5 months ago). And I'm glad I make you smile, Nicole. ;)
I wouldn't be too happy if I got a temporary license key and then had to deal with another key, later.
I used to use a technique that Zka described. I just put the download link to a fully-functional registered version of the software in the canned response "thank you" email.
Some people were probably sharing the download links, but it seemed to work well with no headaches and required no time to maintain while I worked on other products.
Wednesday, June 17, 2015
"Used to" because the niche market for command-line email tools dwindled to the point where my main applications weren't seeing many sales.
I don't actively sell any applications, so please take my prior post with a grain of salt.
Wednesday, June 17, 2015
I've done no tests for this but my impressions are receiving a temporary license only to be sent an actual license to be entered again later is a major pain. It also screams manual generation of codes, small enterprise, is this safe to use. Not a problem if it's home software, but a huge issue if it's something a business needs to depend on.
The only circumstance I can see issuance of a temporary license is if the user for whatever reason lost the original is needs to requests the license to be resent. A temp license can be immediately issued while the customer info is being verified.
PSB136 you once asked if software would be perceived as sneaky and underhanded if it asked for registration upon unlock request. I don't think it since if it's a purchased product that is usually when the purchase is made.
However if I received a temporary license after I've paid I wouldn't ask for a refund, but probably not use anything else from you. This is simply because most (I) expect that immediately after payment I get a full key. Especially if it's a relatively low cost product. Anytime spent waiting for a key is lost time for the customer. More time for them to think and get mad.
The typical behavior I've observed when people by small online software is that it's purchased when it's needed. If I decide to buy it I want to use it then. Not up to 12 hours from then. If I have to wait then I may look for something else instead that doesn't require me to wait.
One last thing, having that bit of info on a faq and not on the order screen looks sneaky and underhanded to me because now you've got my money before I knew I was going to have to wait.
If I could advise anything it would be to work at getting license generation automated asap. Who knows you could get reviewed and get a hundred plus license requests at once. Regardless of how easy it is for you to do is it the best use of your time?
Wednesday, June 17, 2015
What you're looking for is called IPN (instant payment notification).
You can tell PayPal which script on your website to call after a sale. It will POST to that script with a bunch of variables.
You have to validate the input, then update your DB, generate your license and send it off.
Note that this is async, and can sometimes take a bit of time after the user has paid. So be sure to warn users of potential delays on your Thank You page.
You need to send people a licence key as soon as they purchase. Waiting 8 hours is not acceptable in 2015.
I send them a temporary (5 day) key immediately via Avangate. Then I send them a permanent key when I have chance to check their order, usually with a few hours. Generating the permanent licence key is just a drag and a click.
The reason I do this is to ensure that the licence key is in the name of a single end user. Not the name of their company. They can buy an organizational licence in the name of their company, but it costs a lot more.
I get very few complaints about the temporary key.
It is a bit of extra work for me and for the user. But I think it is worth it to ensure that someone doesn't buy a single licence in the name "Acme Inc" and share it with their 5 colleagues in the event planning dept. How do those of you who generate a permanent key automatically get around this?
BTW http://www.e-junkie.com/ is a good and cheap way to integrate with Paypal. I used it for a number of years.
Thursday, June 18, 2015
All good advice, but I have a problem that I'm embarrassed to admit. I know nothing about web coding, so I have no idea how to integrate anything into PayPal.
Maybe this can help you: currently when I need to generate a license from the web, I open an URL to my website like this:
This generates an MD5 hash of the text, which I then email to the buyer. I also have a local offline app that does the same thing. Can I somehow get PayPal to do the same sort of thing?
Sorry, I should've mentioned it does generate a hash, but adds it to the customer name and email, too. So the resulting license code is like this:
You can see the hidden (salt) is replaced by commas, so the buyer never sees it. It's working fine, as clunky and as ugly as it is.
That MD5.php file must be taking the text argument, performing an algorithm on it, and then returning that to the browser.
So you make a similar page that instead of taking an argument 'text', takes whatever arguments your payment processor provides, probably things like 'first', 'last', 'company', etc. Add your salt however you'd like. Perform your same algorithm. Then instead of returning the result to the browser, you send it to a function that will send an email. You probably also need to return something back to the 'browser' (really the payment processor) so they know you handled the request.
PHP is a very easy language to learn. I don't know it, but it's simple enough you can pattern-match and make something work. And there have to be thousands and thousands of online examples. You're smart -- it won't take you much time.
Would not it be unwise to NOT use temp keys when offering a 100% no-question-asked money back guarantee?
Friday, June 19, 2015
Dmitry, I agree. I'm going to just do a temp key after all, for the reason you just gave, for the reason Andy gave, and for the reason that I don't want the hassle of learning PayPal's IPN stuff.
I'll make it a 60-day temp key (since PayPal allows refunds up to 60 days after payment), and then auto-email the buyer the perm key after that. I'll make it easy for them: they'll just have to copy it to the clipboard and when they run the app, it'll see it and auto-upgrade without any further action from the user.
Some users might freak out about getting another key, but I think that's a trade-off I can accept, because it's (a) better than something freaking out about not getting it immediately and posting a neg review, and (b) better than someone buying and then getting a refund and using the full app for free (like I fear this neg reviewer may do).
Just for the hell of it, I spent yesterday trying to learn PayPal's IPN feature, and it's a nightmare! For someone with no web-coding experience, I seriously don't see how they expect newcomers to learn it.
Anyway, I was able to finally get it to send a license code (using php's "mail" command) in response to a "sale" (ie. a sale from it's simulator), but the code gets sent 35 times... take a look:
I'm not sure how to fix that.
In addition, I'm worried that if a business buys my app (which they're not entitled to, as they're for private home use only), then IPN means they'll get a license code immediately when they shouldn't.
So, I'm kind of not convinced yet that IPN is for me... and I really shouldn't be wasting so much time bothering with it just because of a single user's complaint.
Your code probably does not return a http response, this makes PayPal retry 16 times :)
There are samples which are easy to adapt for your needs. I used this one or something very similar.
@PSB136 - Hey, I'm an Aussie too. I like your posts. I wanted to send you a PM to see if you were interested in chatting about software and building products, etc some time.
Except the bloody "Send PM" button on this forum is broken and redirects back to the homepage now. Hit me up if you're interested :)
Thursday, June 25, 2015
Update: I knew it! I made another sale a few hours ago, but now the buyer wants a refund because he says the license code doesn't work. We're emailing back and forth to try to work out what the problem is, but he's Spanish with poor English. :(
See, this is why sending immediate codes on payment are a bad idea. He will probably get a refund and still be able to use the registered app anyway. I knew I should've started using temp licenses.
> Shouldn't your licencing mechanism have the capacity to revoke the licence?
Theoretically, yes. But my apps purposely don't access the internet and don't contain and DRM features, because I loathe such apps myself. I believe what the buyer buys, he has every right to use forever without dealing with me every again, even if he changes his PC setup.
It sounds noble, but it also means I'm causing extra hassles for myself. :(
Okay, I've worked out how I'm going to give a license upon payment immediately, and be able to later revoke it without needing internet access. It may sound stupid, but I think it's cool.
PayPal has a feature that takes the buyer to a specified web page upon successful checkout/payment. On that page (on my site), a temp code that allows full unlocked use of my app will be presented to the buyer, which they can apply to get full immediate use of their purchase. This same page also informs them that if no refund is requested within 60 days, a permanent code will be sent to them for lifetime use.
This means two things: the buyer gets immediate use of the full app upon payment, and if they request a refund within 60 days as permitted by PayPal, then their temp code soon won't work and they also won't have received a permanent code to apply either.
I think this is the only workable solution to my personal principles of no DRM and no net access for my apps. As a buyer, I'd be okay with this arrangement.
(And no, the temp code won't work repeatedly: the app knows the 60 days has elapsed and will refuse the temp code in future. Same deal if the user then tells others the code: the others may get full use for 60 days, but that's it -- no further use until paid).
I've now written an in-house app that automatically emails out the real license codes after 60 days, saving me the hassle of doing it manually. So, to reiterate my new workflow:
(1) Customer purchases with PayPal.
(2) PayPal opens "thank you for purchasing" page with 60-day code, and explains a permanent code will be emailed after 60 days to avoid fraudulent purchases or chargebacks.
(3) Due to step 2, the purchaser gets instant access to the full version immediately.
(4) I get notification from PayPal with buyer's personal details.
(5) I put customer's name, email and license code into my app.
(6) My app runs daily, and every morning will email any customer's permanent codes out if 60 days has passed.
Seems good enough to me. Customers might sook about step 2, but if they're going to be that unreasonable then I'd rather not have them as customers anyway. :P
This topic is archived. No further replies will be accepted.Other recent topics
Powered by FogBugz