An API client for Envato in PHP, with simplified OAuth, token storage, and request sending.
- Notes
- Installation
- Authentication
- Sending Requests
- Catalog
- Profile
- User
- Market
- Other Endpoints
- Handling Errors & Exceptions
- Examples
- Breaking changes in v3
- Contributors
This API client is fully working though not necessarily completed. Of course, any updates that aren't backwards-compatible will be bumped up a major version. Other than that, here's some info you'll probably want to know.
- This client does not disable SSL. It ships with a Certificate Authority bundle and uses this bundle to verify the Envato API's SSL certificate, instead of relying on the system's often-unavailable certificate.
Include this into your project using Composer. It will be autoloaded.
composer require baileyherbert/envato
Start a new client with a personal token (create one at build.envato.com).
$token = new Herbert\Envato\Auth\Token('Your Personal Token');
$client = new Herbert\EnvatoClient($token);
With OAuth, you must redirect your users to Envato's authentication screen, where they will approve your requested permissions. Then, they will be redirected back to your application
with a code
query parameter that can be used to obtain an API token.
The following example demonstrates a complete OAuth guard that redirects the user and creates a client when they return. It also persists their credentials to a PHP session, so the client can be recreated and the token can be renewed in future requests.
// Generate the OAuth object
$oauth = new Herbert\Envato\Auth\OAuth([
'client_id' => 'Your client id',
'client_secret' => 'Your client secret',
'redirect_uri' => 'https://your-redirect-uri.com/',
'store' => function(string $session) {
// Example: Save the OAuth credentials to a PHP session
// This is just a JSON-encoded string that looks like below:
// {"access_token": "...", "refresh_token": "...", "expires": 1710526960}
$_SESSION['envato_oauth'] = $session;
}
]);
// Example: Restore existing OAuth credentials from a PHP session
if (isset($_SESSION['envato_oauth'])) {
$oauth->load($_SESSION['envato_oauth']);
}
// Get the client (will return NULL if not authenticated)
// This will auto-detect the "code" query parameter on the current request
// If found, it will attempt to create a token and instantiate the client
$client = $oauth->getClient();
// Redirect the user if they're not authorized yet
if (!$client) {
header("Location: " . $oauth->getAuthorizationUri());
die;
}
// Example: Get the user's unique Envato Account ID
// This sends a request to the Envato API, so don't call it often!
$userId = $client->getUserId(); // int(1908998)
// Example: Request the user's username
// This sends a request to the Envato API, so don't call it often!
$response = $client->user->username();
$username = $response->username; // string(13) "baileyherbert"
To make this example work, create a new app at the build.envato.com website. The redirect_uri
should point directly to the file where the above
code is hosted and must be exactly the same both in the code and on the registered Envato App.
Tokens generated in this manner will expire after one hour. However, by using the store
callback and load()
method as shown above, the client can automatically renew them in the
background. When that happens, the store
callback will be invoked again with the new credentials.
Here's an example request to get the current user's username. Currently, it returns a ResultSet
object; this object exposes a results
property which is an array of the raw API response.
$response = $client->user->username();
if (!$response->error) {
$username = $response->results['username'];
echo "Logged in as {$username}";
}
else {
echo "Error: {$response->error}";
}
For an endpoint which has variables, you can pass them as an array. This works for all endpoint versions, including legacy v1 and the new v3.
$response = $client->profile->portfolio([
'username' => 'baileyherbert'
]);
To determine how long a request took to execute (in seconds), you can reference the $response->time
property.
If you're being rate limited, the client will throw a TooManyRequestsException
exception. The exception instance has
methods to help work with the rate limit.
use Herbert\Envato\Exceptions\TooManyRequestsException;
try {
$item = $client->catalog->item(['id' => 1234567]);
}
catch (TooManyRequestsException $e) {
// Get the number of seconds remaining (float)
$secondsRemaining = $e->getSecondsRemaining();
// Get the timestamp for when we can make our next request
$timestamp = $e->getRetryTime();
// Sleep until the rate limiting has ended
$e->wait();
}
If there is a new endpoint which is not yet available in this package, you may use the $request
property on the
client to manually send the request until it is added.
There are methods available for each request type (get
, post
, etc). Pass the path as the first parameter. Pass your
POST body variables as the second parameter, these will also replace variables in the path denoted by {}
.
$client->request->get('/v1/market/user:{username}.json', [
'username' => 'collis'
]);
$client->catalog->collection(['id' => 12345]);
$client->catalog->item(['id' => 12345]);
$client->catalog->item_version(['id' => 12345]);
$client->catalog->items(['site' => 'codecanyon.net', 'term' => '']);
$client->catalog->comments(['item_id' => 12345]);
$client->catalog->popular(['site' => 'codecanyon']);
$client->catalog->categories(['site' => 'codecanyon']);
$client->catalog->prices(['item_id' => 12345]);
$client->catalog->newest(['site' => 'codecanyon', 'category' => 'php-scripts']);
$client->catalog->featured(['site' => 'codecanyon']);
$client->catalog->random(['site' => 'codecanyon']);
The profile
category represents a public Envato user.
$client->profile->collections();
$client->profile->collection(['id' => 12345]);
$client->profile->details(['username' => 'baileyherbert']);
$client->profile->badges(['username' => 'baileyherbert']);
$client->profile->portfolio(['username' => 'baileyherbert']);
$client->profile->newest(['username' => 'baileyherbert', 'site' => 'codecanyon']);
The user
category represents the currently-authenticated user.
$client->user->sales();
$client->user->sale(['code' => '*****']);
$client->user->purchases();
$client->user->purchase(['code' => '*****']);
$client->user->download(['purchase_code' => '*****']);
$client->user->download(['item_id' => '123456']);
$client->user->details();
$client->user->username();
$client->user->email();
$client->user->earnings();
$client->user->statement([
'page' => 1,
'from_date' => '2021-02-01',
'to_date' => '2022-06-21',
'type' => 'Sale',
'site' => 'codecanyon.net'
]);
$client->market->users();
$client->market->items();
$client->market->site(['site' => 'codecanyon']);
$identity = $client->getIdentity();
The identity will be an object that looks like this:
object(stdClass)#1 (4) {
["clientId"]=> NULL
["userId"]=> int(1908998)
["scopes"]=> array(18) {
[0]=> string(7) "default"
[1]=> string(13) "user:username"
[2]=> string(10) "user:email"
[3]=> string(12) "user:account"
[4]=> string(14) "user:financial"
[5]=> string(17) "purchase:download"
[6]=> string(12) "sale:history"
[7]=> string(11) "sale:verify"
}
["ttl"]=> int(315360000)
}
If you only care about the userId
property, you can retrieve it more easily:
$userId = $client->getUserId(); // int(1908998)
All exceptions in this libary are under the Herbert\Envato\Exceptions
namespace.
When performing OAuth authorization, you may encounter one of these exceptions:
InvalidTokenException
if the token provided is not a string.MissingPropertyException
if OAuth is missing one of the constructor parameters (client_id, client_secret, redirect_uri).NotAuthenticatedException
if you try to construct anEnvatoClient
before being authenticated.
When performing a request, there are four possible exceptions that can be thrown.
BadRequestException
if required arguments are missing or are invalid.UnauthorizedException
if the current authorization is invalid.TooManyRequestsException
if requests are being throttled for high activity.EndpointException
if there was a major error (API down, no internet connection, etc).
Otherwise, if an error occurs in the request, it will be accessible in detail using the $response->error
property (which is null
when successful or a string
with error details otherwise).
If you're an author and want to check a purchase code provided to you from a buyer, this is an example for you. To make this work, you'll want to use Personal Token authentication.
$purchase_code = 'purchase code here';
$token = new Herbert\Envato\Auth\Token('Your Personal Token');
$client = new Herbert\EnvatoClient($token);
$response = $client->user->sale(['code' => $purchase_code]);
if (!$response->error) {
$sale = $response->results;
$sold_at = $sale['sold_at']; // "2013-04-16T01:59:35 10:00"
$license = $sale['license']; // "Regular License"
$supported_until = $sale['supported_until']; // "2013-10-16T00:00:00 10:00"
$item_id = $sale['item']['id']; // 1252984
$item_name = $sale['item']['name']; // "Item Name"
$author_username = $sale['item']['author_username']; // "baileyherbert"
$num_licenses = $sale['purchase_count']; // 3
$buyer_username = $sale['buyer']; // "bestbuyerever"
echo "I got information!";
}
else {
echo "The code produced an error:\n";
echo $response->error;
}
If upgrading the package to v3
from an earlier version, there is a single breaking change. The user->sales()
method
was pointing to the wrong endpoint.
- The previous
$client->user->sales()
endpoint has been renamed to$client->user->earnings()
- The new
$client->user->earnings()
endpoint lists your earnings by month - The new
$client->user->sales()
endpoint lists your individual sales
Special thanks to the following contributors for their help in maintaining this package: