Plugin API Reference
This documentation is intended for WordPress developers implementing the license activation, validation, and template synchronization logic within the VisioLayer Pro plugin.
Base URL
{{env('APP_URL')}}/api
Security & Authentication
All API requests MUST be signed using a shared secret key. We use a "POST-only" strategy for all licensed endpoints to ensure the request body is included in the cryptographic signature.
Headers required:
| Header | Description |
|---|---|
Content-Type |
application/json |
X-Visio-Timestamp |
Current Unix Timestamp (GMT) |
X-Visio-Signature |
HMAC SHA256 signature of the request |
Generating the Signature (PHP)
The signature is generated by concatenating the timestamp and the raw JSON body with a dot (.), then hashing it with the secret key.
$secret_key = 'YOUR_PLUGIN_SECRET'; // Shared secret from Backend .env
$timestamp = time();
$body = json_encode($data);
$payload = $timestamp . '.' . $body;
$signature = hash_hmac('sha256', $payload, $secret_key);
1. License Management
1.1 Activate License
Registers a site to a specific license key.
- Endpoint:
POST /license/activate - Request Body:
{
"license_key": "VL-XXXX-XXXX-XXXX",
"site_url": "https://example.com"
}
1.2 Validate License
Periodic check to ensure the license is still active.
- Endpoint:
POST /license/validate - Request Body: Same as Activate.
1.3 Deactivate License
Removes a site's registration.
- Endpoint:
POST /license/deactivate - Request Body: Same as Activate.
2. Templates API
2.1 Fetch Templates List
Retrieves a paginated list of templates available for the current license plan.
- Endpoint:
POST /templates - Request Body:
{
"license_key": "VL-XXXX-XXXX-XXXX",
"site_url": "https://example.com",
"page": 1,
"per_page": 12
}
- Success Response (200 OK):
{
"status": "success",
"data": [
{
"id": 1,
"slug": "modern-hero-slider",
"title": "Modern Hero Slider",
"category": "Hero",
"plan": "pro",
"preview_image_url": "...",
"version": "1.0.0"
}
],
"meta": {
"current_page": 1,
"last_page": 5,
"total": 60
}
}
2.2 Download Template Detail
Retrieves the full template JSON for importing into the editor.
-
Endpoint:
POST /templates/{slug} -
Example:
POST /templates/modern-hero-slider -
Request Body: Same as Activate.
-
Success Response (200 OK):
{
"status": "success",
"template": {
"id": 12,
"slug": "modern-saas-features",
"template_json": {
"version": "1.0.0",
"settings": {
"width": 1200,
"height": 600,
"autoplay": true,
"autoplayDelay": 5000,
"loop": true,
"showArrows": true,
"showDots": true,
"transition": "fade",
"transitionDuration": 800,
"transitionDelay": 0,
"animationType": "fade",
"animationDirection": "left"
},
"slides": [
{
"id": 1,
"name": "Feature Intro",
"backgroundColor": "#1a1a1a",
"layers": [
{
"id": 101,
"type": "text",
"name": "Heading Layer",
"content": "Next Gen SaaS",
"x": 100,
"y": 150,
...
}
]
}
]
}
},
"signature": "..."
}
Note: The signature field inside the response is a verification of the template_json itself, ensuring the template data wasn't modified during transit.
3. Error Codes & Handling
The plugin should handle the following HTTP status codes:
| Status | Meaning | Action |
|---|---|---|
401 |
Unauthorized | Signature/Timestamp missing or expired. |
403 |
Forbidden | Invalid signature, Tier Upgrade Required, or License Expired. |
404 |
Not Found | License key or Template slug does not exist. |
429 |
Too Many Requests | Rate limit exceeded (e.g., too many template downloads). |
500 |
Server Error | Contact backend support. |
Sample Error Body:
{
"message": "Tier Upgrade Required. This template requires an agency plan.",
"required_tier": "agency"
}