there is no native API that does this.  some developers have their own authentication server which the app checks and make sure it is registered on the server.  The only problem with this is that you have to have wifi connection on which most people don't unless they are near a hotspot.

 

 

First thank you

My application is web based, so they have to have internet connection to use. so If I can use my own authentication server to do this, that will be fine for me.

the question is how I can make sure the customer actually had paid to app world to buy my application? without the native support of blackberry app world itself, I feel hard to implement the verification logic.

Maybe you have some suggestion?

There are many threads on dynamic license. See if any of that helps.

when you add your app to Appworld you can select the License Model = Dynamic

and you give the URL to app world to get the key from your server.

 

you can then monitor which keys have been used to authenticate illegal use of your app.

 

you can read more about license model on appworld help section or search this forum.

 

 

What is a Dynamic Key Model?

thank you, the information is important to me!

I try to understand how the Pool license model  or Dynamic license model work, in both case, the customer will get a key, either from the pool or from my external license server. the question is how the key will be used to prevent extraction and piracy?

If the bar is extracted with the key within it, will it allow other person to install and run my application?

Does ths key binded to customer's playbook ID and checked every time when the application get started?

 

Without the answer, I am not sure the dynamic license model or pool license model will serve my need,

please help

 

I think when the user purchase your app they are giving the code from your pool and if that runs out you need to refresh your pool of codes.  If someone gets your bar file illegally then they need to code to unlock your app and if they share the code then you are SOL.  The more secure method is of course dynamic.

 

 

 

Yes, I decide to go dynamic way.

Can you point me the document about the native API that can read the key from bar file when program start?

I guess I have to do that instead of playbook OS's native support

 

 

There is no key from the bar file, and after the app has been installed, there is no BAR file (it is unpacked).. The key comes initially during the purchase to your server (along with the device id). You store that information. Upon check to validate the purchase, you send the device id to the server to see if it is a registered device. (along with app-id since the person may buy more than 1 app from you). Hope that helps.

Your method seems working for dynamic license scenario.

But I still doubt the key should exist somewhere in client playbook after customer download and install the application.(maybe in JAD file?)

because if they are using other license mode like pooling license mode, the developer cannot get client's personal information like playbook id, email address etc.. without the key, how could application verify?  yes, the app can still send whatever information it get hold and send out to external server, but that information cannot be used to do authentication alone

please let me know what you thought