Hey 'Hackers,
I'm working on my first Chrome Extension and I'd appreciate it if anyone could share any tips / advice on the best way to take a payment for the SaaS extension and potentially I guess having a license key or tying it to the user profile.
My extension will probably be a monthly or annual subscription, with usage limited to specific sites.
I'd like to prevent/limit unlicensed (re)distribution of it, so only paying users can use it on the site.
I think that ideally the payment would be taken with a popup using say, Stripe, directly from the extension — but how to prevent redistribution I am not sure.
Is there a tool or an approach that anyone could recommend? (I'm not the coder, but would love to know what the Community might recommend as the best way to go about this.)
Many thanks
R
As brn said, the only real solution is that you need a backend service for it. I think you can use the keygen[.]sh integration with Stripe to easily do that.
On a side note, I have some experience using Gumroad License. It's quite handy and only takes like 20-30 minutes to use. You can check it on their site.
I believe the simplest pattern I’ve observed is that an extension requires users to create an account, log in, and make a purchase/subscription to use it. This can all be done via the extension itself (see LastPass’ extension for example) or via a lean website that you redirect to for login.
The only real option you have is to have a backend managing subscriptions/licenses. Whether you use a no-code service, a "full-featured" service, or something custom built, is up to you.
Without something to "login" the extension to your backend and tell if it's paid or not, you can't really prevent redistribution.
Most commonly, when not associated with a paid product/service, extensions will serve up ads, which can also be blocked, albeit not as easily with common ad-blockers.
Also, while technically you can fingerprint browsers from extensions, it's an invasive practice and can be spoofed, so it's not "bullet-proof".
But the extension is client code, it's right there in the browser. How do you keep other hackers from mocking the response from your backend to make the extension work without a license?
Thanks @brn. Any thoughts about what to use for this? I was thinking of using Stripe.
To take payments and implement licensing for your Chrome Extension:
Use Stripe for payments.
Implement user authentication.
Generate unique license keys.
Set up a server for license key validation.
Limit extension usage based on licensing.
Consider obfuscation for code protection.
Update your extension regularly.
Clearly define terms of use in your extension.
Obfuscation is against the Chrome Web Store ToS.
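The backend check discussed in this thread, sketched as an added example that is not from any poster or from any of the services named above: the server issues a short-lived signed token after login and runs the paid feature itself, so a client that fakes a "licensed" response has nothing to unlock. All function names, the secret and the subscription data are hypothetical or constructed; keeping the subscription store in sync with the payment provider is assumed to happen elsewhere.

```javascript
// Added example: server-side licence gate (Node.js). All names are hypothetical.
const crypto = require("node:crypto");

const SECRET = "constructed-demo-secret"; // assumption: loaded from server config in practice

// Constructed sample data: subscription state, assumed to be updated by the payment provider.
const subscriptions = new Map([
  ["user-1", { active: true }],
  ["user-2", { active: false }], // cancelled
]);

function sign(body) {
  return crypto.createHmac("sha256", SECRET).update(body).digest("base64url");
}

// Issued after login; short-lived so a copied token stops working soon.
function issueToken(userId, nowMs, ttlMs = 15 * 60 * 1000) {
  const body = Buffer.from(JSON.stringify({ sub: userId, exp: nowMs + ttlMs })).toString("base64url");
  return `${body}.${sign(body)}`;
}

// Returns the claims, or null if the token is malformed, forged or expired.
function verifyToken(token, nowMs) {
  const [body, mac] = String(token).split(".");
  if (!body || !mac) return null;
  const expected = Buffer.from(sign(body));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, "base64url").toString());
  return claims.exp > nowMs ? claims : null;
}

// Stand-in for whatever the extension sells.
function paidFeature(input) {
  return input.toUpperCase();
}

// The paid work runs here, on the server. A patched client that fakes
// a "licensed: true" response still has no result to show.
function handlePaidRequest(token, input, nowMs) {
  const claims = verifyToken(token, nowMs);
  if (!claims) return { status: 401, error: "invalid or expired token" };
  const sub = subscriptions.get(claims.sub);
  if (!sub || !sub.active) return { status: 402, error: "no active subscription" };
  return { status: 200, result: paidFeature(input) };
}
```

The subscription lookup on every request is what makes a cancellation take effect before the token expires.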