License Manager for WooCommerce

Easily sell and manage software license keys through your shop

Additional REST API Validation

This tutorial will demonstrate how you can perform additional request data validation, and abort a REST API call if your validation did not pass. In this specific tutorial we will pass an additional UUID to the license activation request, then check if the license has previously been activated using that UUID, if that’s the case we will return an error.

To sum everything up, we will demonstrate the following:

  1. Adding an additional parameters activation request
  2. Validating additional parameters on the server
  3. Returning an error if validation condition did not pass.

The first thing you need to do, is modify your REST API license activation request. Simply add a JSON object with a key named uuid and its value. It’s also important to set the Content-Type header to application/json

Then, you will need to pass a function to the lmfwc_rest_api_validation filter. This filter takes 3 arguments. The function in that filter will look something like this:

function lmfwc_tutorial_check_uuid($result, $server, $request) {
    // Not our route, nothing to do...
    if (strpos($request->get_route(), '/lmfwc/v2/licenses/activate') === false) {
        return true;

    // Retrieve the body parameters
    $body = $request->get_json_params();

    // The request body was empty, or the "uuid" property is missing.
    if (!$body || !array_key_exists('uuid', $body)) {
        return new WP_Error(
            'The UUID is missing from the request.',
            array('status' => 400)

    // Obtain the license key from the request URL
    $licenseKey = explode('/lmfwc/v2/licenses/activate/', $request->get_route())[1];

    // Retrieve the license object
    $license = lmfwc_get_license($licenseKey);

    // The license was not found
    if (!$license) {
        return new WP_Error(
            'The license was not found.',
            array('status' => 404)

    // Check if the license key already has this UUID
    $previousActivation = lmfwc_get_license_meta($license->getId(), 'activation_uuid', true);

    // Throw an error if that's the case
    if ($previousActivation && $previousActivation === $body['uuid']) {
        return new WP_Error(
            'The license was already activated using this UUID.',
            array('status' => 403)

    // Hasn't been used before, proceed
    return true;
add_filter('lmfwc_rest_api_validation', 'lmfwc_tutorial_check_uuid', 10, 3);

We first must check if we are on the correct route. If so, the function will then retrieve all needed variables and check if they are correct. Lastly, we obtain the activation_uuid meta key from the license, and check its value against the value provided in the request body. Please note, that the meta key name can be anything, it’s up to you to define it.