Tell me more ×
Answers OnStartups is a question and answer site for entrepreneurs looking to start or run a new business. It's 100% free, no registration required.
up vote 6 down vote favorite
2

I have a company that will be selling software online, and I'd like for customers to be able to pay online and then just click on a "Download Now" button and download the software automatically, without me or someone else from the company having to email the software program to the person.

Is there a site or device that I could use to do this?

Thank you!

share|improve this question

8 Answers

up vote 6 down vote accepted

This is a good question, but I think you shouldn't limit the download of your app.

Why you shouldn't limit the download of your app

The reason you shouldn't limit the download of your app is that if you do you'll increase the amount of stolen credit cards being used to purchase your program. Thieves will be thieves. Limiting your app to "paying" customers won't stop a thief from buying 5000 stolen credit cards for $10 and running through the list until they get one that works.

If you have the download readily available then it will be fly paper for the thieves; they'll try to steal your app through normal reverse engineering means. You'll get less orders from stolen credit cards, thus you'll save money on the inevitable chargebacks once the victim realized they've had their credit card number stolen. Plus, hiding your software behind a private link is a hassle for legit users. Don't piss off your customers.

If you're keeping the download link private for renewal purposes (e.g. they can only update for a year), then you're better off solving this with licensing. The way you can do it in LimeLM is by using custom license features -- we have a full example that shows how to limit updates via licensing.

How to deliver product keys to your users

Delivering the product to your user (whether a download location or a product key) is dependent on a couple of factors:

  1. The licensing you use
  2. The payment platform you use

Most payment providers have ways of calling a script on your website to let you know a sale has been made. For example, using PayPal's IPN (Instant Payment Notification) can call a script on your website and from that script you can generate a serial then send your new customer an email with the product download site and serial number.

We actually have a full PayPal payment example written for PHP and ASP.NET (C# and VB.NET) that automates the entire process. It uses the PayPal IPN alongside our LimeLM web API to process the order, generate the product key on the fly, then email the user. So a user can start using the fully registered version of your software seconds after their order is processed.

If you update your question with the payment platform you use then we can point you to the right API or example code to use.

Lastly, if you're determined to keep your installer to customers only (even despite my advice not to), then you can do it with a simple script. Just pass the new customer's product key as a parameter to a script. For example: http://example.com/latest-installer.php?pkey=ABCD-EFGH-IJKL-MNOP-QRSTU

Here's an ASP.NET C# snippet of what the script would look like:

//TODO: verify the product key is valid, if not show an error and bail out

//if the pkey is valid, deliver the latest installer:
Response.Clear();

// download the file and bail
Response.AddHeader("Content-Description", "File Transfer");
Response.ContentType = "application/octet-stream";
Response.AddHeader("Content-Disposition", "attachment; filename=" + Path.GetFileName(installerFile));
Response.AddHeader("Content-Transfer-Encoding", "binary");
Response.AddHeader("Expires", "0");
Response.AddHeader("Cache-Control", "must-revalidate, post-check=0, pre-check=0");
Response.AddHeader("Pragma", "public");
Response.AddHeader("Content-Length", new FileInfo(installerFile).Length.ToString());

// output the file
Response.WriteFile(installerFile);

Response.End();

Here's what the same snippet would look like in PHP:

//TODO: verify the product key is valid, if not show an error and bail out

//if the pkey is valid, deliver the latest installer:
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.$installerFilename.';');
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
header('Content-Length: ' . filesize($installerFullPath));
ob_clean();
flush();
readfile($installerFullPath);
exit;
share|improve this answer
1  
This is great- thank you very very much, I really appreciate it! – user6492 Jan 14 '11 at 13:51
1  
I'm confused. Who in their right mind would use a list of 5,000 credit cards to steal a $10 piece of software? I think when he means stealing, he means sharing the download link with friends. Am I missing something? – Alex Cook Jan 17 '11 at 17:01
Alex, "buying 5000 stolen credit cards for $10" means the thief bought a list of credit cards for $10 (not that the price of the software was $10). As shocking as that may seem, that's how stolen credit card numbers are sold (and resold): in large batches for low prices. – Wyatt O'Day Jan 17 '11 at 18:12
up vote 1 down vote

There are companies that provide this service; sorry I can't personally recommend any beyond a Google search.

You can ask the question on Stackoverflow.com to get technical expertise.

Your software can require a key that you provide in an email without sending the entire app.

You can create a hidden page on your site with the download link.

Ideally, you send an email with a GUID that is a parameter on a page that has to be verified with the client record. After the client connects to this page, you can set a flag on the record that prevents them from accessing this page again.

If someone can download a file and install on their computer, what is to prevent them from giving the file to someone else for free? EReader uses the credit card number of the buyer to register a book. Not too many people would want to give this out to people they want to use the software for free.

share|improve this answer
up vote 1 down vote

There are plenty of licensing services and products that will do this. You can also write your own - I made a PayPal payment interface script that did exactly what you are asking about.

I would not recommend writing your own though - it is a hassle and there are better things to spend your time and efforts on.

share|improve this answer
up vote 1 down vote

I automatized the process with Plimus in our of my companies.

I used a custom solution in the past, but only because I got high volume in transaction, and I was able to save a lot in transaction costs. Don't do it unless you have at least 20K a month in revenues.

There are many others such as SWReg, ShareIt or RegSoft.

Check this page for a comparison.

share|improve this answer
up vote 1 down vote

I would recommend PayPro, an end-to-end eCommerce solution that is optimized to sell software online. PayPro offers a variety of payment options for online shoppers. Your order pages can be completely customized to match your website design and make customers feel confident while purchasing. Confirmation emails can be also customized and include a link to download a product – it is sent automatically after purchase is successfully completed. PayPro provides a reliable fraud detection system preventing fraudulent orders without impeding valid orders. They have friendly and very responsive support for vendors and shoppers.

share|improve this answer
up vote 0 down vote

I use DPD. They provide functionality to deliver activation keys so will be suitable for software.

E-junkie is a popular option but I had a problem with getting discounts working with them, and their user interface is subpar.

share|improve this answer
up vote 0 down vote

I have a simple technique that we use for secure PDFs. You put the file in a directory that is not browse-able from the general internet traffic. You then grant your web app permission to pull the file and then resend the file to the browser. If they are not authenticated the way you want, they can't reach that download.

Of course, I think some sort of "key system" where one download can only be installed X times might also be helpful.

share|improve this answer
up vote 0 down vote

If you try to secure the download, how can you stop duplication. My answer was to limit the licence. Let them copy the software all they want, but lock down the usage. I used the rainbow technologies dongle. The updates were simple and unfettered while the licence was tied to the hardware.

share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.