Authenticated Page Redirect (APR) allows you to offer secure one-off access to WordPress pages and posts, without requiring the services of a membership plugin. You might find this capability useful in some cases for selling access to something like an event or time specific page or post, which may in turn provide access to live streaming video.
This feature is widely used to setup pay per view (PPV) content.
What to Expect
This is the scenario that we are after:
- A visitor arrives on your site and sees a purchase button for some Pay Per View (PPV) content.
- The visitor makes a purchase using the purchase button.
- The visitor then gets an encrypted link in the email (optionally you can also show the links on the Thank you page).
- The visitor clicks on the encrypted link which sends him to a WordPress page and allows him to see the content embedded on that page. If the visitor directly goes to this page without clicking on the encrypted link first (no content will be shown to the visitor).
How the APR Feature Protects the Content
The key thing to understand here is that the APR feature protects the content inside the APR shortcode (it doesn’t try to mask or hide the URL of the page). The content inside the APR Shortcode can only be viewed after the customers click on the encrypted link for that product that they receive after the purchase. If anyone directly goes to that URL the content inside the APR shortcode will be hidden this is why there is no need to hide the actual URL.
Setup Preparation (Basic Understanding)
The security mechanism used by APR is an encrypted session cookie; the APR Cookie. Each APR cookie is specific to a particular permalink, and contains encrypted timing information. On the pages being protected by APR, called APR Targets, an APR shortcode encloses the content being protected. Content enclosed by an APR shortcode will only be displayed if one of the following specified conditions are met:
- An APR cookie EXISTS in the current browser session.
- An APR cookie exists and is LESS THAN an a specified number of minutes old.
Setup Authenticated Page Redirect
Checkout the pay per view feature video tutorial from our additional video tutorial section.
Step 1 (Create the Page with the Content and the Shortcode)
To setup a permalink as a digital product first you need to create the target page and setup the content that you want to deliver after the purchase.
Create a page or post that will become the APR target then enclose the content you want to protect using one of the following shortcodes:
Please make sure that the permalink you will be using works. Copy and paste it into the address bar of your browser. Specifically, ensure that the permalink you think you are going to use does not get modified by WordPress. If the permalink changes, then either fix the problem or use the resulting URL as the link you will use for the APR target URI.
Step 2 (Configure the Product)
Setup your digital product, using the URL of the APR target page in the “Digital Product URL” field. CHANGE the URL scheme from ‘http’ to ‘aprtp’ or from ‘https’ to ‘aprtps’ in the “Digital Product URL” field. So for example if your APR target page URL is the following:
Change the keyword “http” to “aprtp” and use that URL in the “Digital Product URL” field. So for the above example you will enter the following in the “Digital Product URL” field:
Now, whenever an encrypted link, pointing to an APR target is processed by eStore; an APR cookie will be issued, before the browser is redirected to the APR target, by the download manager script. This way your customers can only view the protected content on that page after they have made a payment.
If an APR target contains the ‘nextpage’ tag, only content on the first page will be protected by the APR shortcodes.
Reasons for why APR would not work include:
- The product URL does not specify the APRTP protocol. You forgot to use the correct URL format (see step 2 above) in the “Digital Product URL” field.
- The specified URL used with the APRTP protocol does not EXACTLY match the “pretty URL” format used for the non-APR URL. Example, if the non-APR URL is “http://site.com/page/” the APR URI must include the trailing “/” or it will not work.
- The browser is not accepting cookies.
This is an example of how to check for proper APR cookie authorization. Notice the conditional testing that is taking place. The conditional shortcode can be used to handle expired links.
[wp_eStore_APR expiry=0 status=unexpired]
Now you see me!
[wp_eStore_APR expiry=0 status=expired]
Now you don't!