Problem: "An API key must be used by a single device"Locked

Just realized that this is causing lots of problems with our 3rd party payment provider Fastspring. Basically they send a request to the web API to generate license keys using php code. The problem though, is that we don't have control of what IP addresses these requests get sent from. I can imagine that they use multiple servers depending on the current load of their system. Is there any way to enable requests sent from more than one IP per 24 hours? Has this restriction been set recently?

Covered here: https://wyday.com/forum/t/4205/current-limelm-server-status/#post-19954

Read the error code for how to use the web API: https://wyday.com/limelm/help/api/limelm.pkey.generate/#error-codes

1. Create a separate user for every server you're using a web API key on.

2. Only use web API keys from static servers.

3. Never embed web API keys in client-side JS or in your app.

Also, FastSpring uses a single outgoing IP address. So, ensure your web API key has not been compromised (if so, generate a new one), and only use that web API key from FastSpring.

This has totally busted my automated license renewal script with FastSpring and has caused much pain and difficulty for me. Researching solution. Hopefully this will not take up much more of my time. I hope whatever changes were made were necessary, because now I have a ****load of individual customer emails to handle and manual license extensions to do.

FastSpring uses a single IP address. If you're using the same web API key from multiple different servers (besides FastSpring) then you'll need to create separate users and use those separate user's web API keys.

Please add an option to turn this off. This already caused tons of support overhead when you introduced it first. And when its been going fine for over a month, I again wake up to hundreds of emails. Our server decided to use ipv6 instead of ipv4 for api requests and that messed it up.

Make sure the way you're contacting the LimeLM servers either uses an IPv4 or an IPv6 resolver. Don't alternate between the 2.

I've just been stung by this issue too.

So we're currently on the solo plan (we're starting-up) with licence generation via FastSpring. Everything was fine until we added a 'retrieve your activation key' page to our website then suddenly we're seeing issue 164.

After a bit of digging I see I'll need to add a new user for my Web Server but unfortunately, the Solo plan only allows you to have 1 User which means we'll have to upgrade to the next plan!

What I don't understand is why I need to add a new User for the server as its not *really* a user in the common sense. Surely usage of the API key should be controlled via a white-list or something similar.

Is there any way we can turn this off as I'm afraid this is potentially a deal breaker for us?

Thanks

We're going to be adding explicit whitelists to LimeLM soon so you'll have an option to either let do what we're allowing now (1 IP address per 24 hours, regardless of what that IP address is) OR X IP addresses from a pre-defined list of IP addresses you set.