Upcoming Change: Improving Download Controls and Self Service Activation

  • Jason@DPD
  • July 27, 2015

We’re putting the finishing touches on a massive service improvement to DPD that will completely change the way we authorize and deliver product files.

We understand that many people are resistant to change, but the advantages of the new system we’re prepping for release are overwhelmingly positive for both the vendor and consumer and we’re excited to start this series of posts explaining the new system.

How DPD Works Now: Time and Attempt Based System

DPD currently lets the vendor set two options that controls how buyers can download their products- Time Limit and Attempt Limit. This is basically how every other service works too.

Time Limit: How long the download links should remain active. This can be set as anything from 24 hours to unlimited.

Attempt Limit: How many download attempts (clicks of the download button) that can take place before it is deactivated.

Once either of these limits are reached the buyer can no longer access their files. They must then contact the vendor, the vendor must manually reactivate the download, and the buyer must follow the new email link sent to them.

The Problem We’re Trying to Solve

Manual reactivation is the number one pain point that vendors tell us about- its the primary customer service problem for most vendors (where buyers lose their files and need to re-download months later) and it makes buyers angry to not be able to access their purchases.

Also, if a buyer purchases multiple times from the same store, the purchases are not available together- the buyer must find each individual purchase email to get the unique download link from that purchase.

Mobile devices like iPads and phones make this problem worse- these devices don’t always download the files, opening them from their location on our server. When the time or attempt limit is reached, these files just stop working, causing another CS headache for the vendor and reducing buyer confidence.

Our Solution: Session Based Download Controls

Where the current system authorizes attempts for a certain amount of time, the new system will be session based and authorize a particular computer or mobile device to access the file.

Once a computer is authorized, they can download the file whenever they want, on that device, for as long as the vendor wants to allow.

If the buyer attempts to download the file from an unknown device DPD will ask them for their email address, and a new authorization link for that device will be sent to their email. Only the person with access to the buyers email will be able to authorize new download sessions.

The vendor will be able to control how many devices can be activated at one time. For example, as a vendor you may allow 3 devices at once (a desktop or laptop, iPad, and mobile phone). The vendor will also be able to specify how many activations total can occur before they need to be manually reset.

This is a massive improvement for several reasons:

  1. The buyer can always access their files.
  2. The buyer can not easily share access with others, and if they do they will burn their own access sessions.
  3. The buyer will be able to authorize their computer and have access to all their purchases using that email, not just the current one.
  4. If the buyer is using a new device they can do self-service reactivation using their email, eliminating the need for manual reactivation by the vendor and related customer service woes.
  5. Session based download controls will allow us to offer more advanced anti-sharing features, like hosted ebook readers. We’ll have a post about our new hosted ebook reader in the next few days!

Those who play computer games may be familiar with Steam. Steam uses a device based authorization system extremely similar to the new system DPD is rolling out where if you log in from a new device you must authorize it using your email and a code they send you. This is that system for anything sold through DPD.

The Plan Going Forward

1. Once we finish final testing on session based downloads (already in progress) we will release them as the default activation method for all new stores created in DPD.

2. Once we are sure there are no issues with new stores, we will be moving all existing stores to the new responsive checkout and session based activation.

This will be a forced upgrade for all existing stores- we have older stores using cart versions that are 2-3 versions out of date. We are going to modernize every checkout using DPD, drop support for previous cart versions, and focus 100% of our development efforts on the new, modern, responsive checkout.


We’ll make a release post when sessions are released for new stores. Everyone will have at least 30 days to try the new activation system and put it through its paces before we force upgrade for every store.

If anyone has any questions about the new session based activation system we’re always here to answer them for you. We understand that change can sometimes be scary, but the massive improvements of this new system are worth it.

Responses (2) / Trackbacks (0)

    by Jorge Guillen
    Jul 27th, 2015


    This is pointing to a real advanced e-commerce feature. I can see the beneficial impact of this implementation for the majority of vendors whom depends on digital delivery strategies.
    You guys are truly into improving your business … Very inspiring.

    by M El Hanini
    Aug 11th, 2015


    Great improvement. Here’s a couple questions:
    1) Once you migrate every DPD store to the new session-based system, what happens with old purchases? A customer who had purchased an eBook 1 year ago from a store that has just got upgraded to session-based system, what happens when that customers goes back to that 1-year old email and clicks on the link? Same “old” message of expiration? Or they get hooked straight to the session-based thing?
    2) Do authorizations have to do with the device cookies? What if a users deletes cookies from a computer that had been authorized? Not a big deal, just trying to confirm whether this session-based system is buit upon cookies.

    Thank you in advance,

Leave a Response

This site uses Akismet to reduce spam. Learn how your comment data is processed.