DPD Update: New Device Based download authorization… No more Reactivations!

  • Jason@DPD
  • December 7, 2017

Today we’ve started rolling out a change to how DPD authorizes downloads for buyers. It’s a significant change and one that will lead to massive decreases in customer support requests from your customers asking for download reactivation.

That said, new can be scary so here is a breakdown of whats changing:

Old Download System: Attempt Based

Previously, DPD counted download attempts and kept downloads active for a fixed amount of time. This meant that a customer might get 2 attempts to download over 1 week after purchase, and after that their download page was dead.

While this is pretty much the standard way things are done with most systems out there, it’s a pretty awful experience for the customer AND vendor. After a week (or 2 tries) the customer can’t get their product and gets mad. The vendor then has to deal with an angry customer and spend time finding their purchase, verifying their identity, and reactivating their download.

If the tweets and support tickets we get from you guys are any indication, this irritates vendors a lot too. We don’t want irritated vendors- we want happy ones!

Soooo… we’re making this massive change:

New System: Device Based Activation

The new Device Based Activation system prevents unauthorized download of your products by only allowing download from devices that have been registered and authorized to a customer’s profile in DPD.

Buyers can download their products as many times as they need from the registered device, but because it is locked to the device they are unable to share the download link with others.

What is a Device?

DPD uses the word “Device” throughout the admin and knowledge base.  In the context of download controls, a Device is the browser + computer or other gadget that the buyer is using to download products.

Examples of Devices:

  • PC desktop + Firefox Browser
  • iPhone + Safari Browser
  • Android Phone + Android Browser
  • Mac Laptop + Safari Browser

So, when DPD mentions “Device” anywhere, it is short for the unique fingerprint of the computer or mobile gadget used by the buyer, the browser used, and the unique session cookie for that customer.

How does it work?

When a buyer completes a checkout with DPD we set a unique session tracking cookie on their browser.  This cookie only works with that browser + computer (or mobile device combo) that was used to complete the purchase.  This happens seamlessly in the background.

As long as the buyer has this unique session cookie authorizing their browser they can download the products they purchased whenever they like by visiting their download page or following the link in the purchase email they received from your DPD store when completing checkout.

Even better, once a buyer has activated their computer to download their products, its authorized to download ALL the products they’ve purchased from your store automatically, not just the one they activated.

More Information

We know this system is a completely new way of handling downloads and we’ve tried to cover the questions we could think of. If you have one we haven’t thought of please comment or send a support ticket!

What happens if they are on a different device?

It will ask them to enter their email, which is checked against the purchase, to send them an authorization link. Learn more:

How DPD Authorizes Customer Downloads

Do I need to change the device limits?

Usually, no. We’ve set sane defaults that should be good for most vendors, but if you want to here is a KB article on that:

Setting Store Device Limits

What happens when a customer reaches their device limit?

The won’t be able to access their downloads until you authorize another device. Here is how to do that:

Customer Service: When a customer reaches their device limit

This all sounds awesome, how do I get it?!

The rollout is in two phases:

1. (the new few days) From this point all new stores will have Device Based Activation automatically. Its the default for new stores from the time of this blog post.

2. (2 weeks or so) We’re going to migrate every existing DPD store to the new device based activation system once we’ve had it in production for a few weeks and are confident there are no issues.

Want it now?

We know some vendors hate reactivating downloads and have been very vocal about wanting a better system so send us a support ticket! We’ll turn on the new system for you now and you can stop reactivating downloads.

Have any more feedback or questions? Drop us a comment here or send in a support ticket!

Responses (9) / Trackbacks (0)

    by Serge King
    Dec 11th, 2017


    I don’t really understand how this works. Are customers able to download the products more than once? And able to download previously purchased products again?

    by Alejandro
    Dec 29th, 2017


    Can you guys make this an optional store behavior? Or at least give us more than 2 weeks to prepare?

    We make a big deal that our software is DRM free without online activation and this new behavior is bound to make a few of our existing customers mad.

    Also, what happens if they clear their cookies?


    by Gerben Wierda
    Jan 07th, 2018


    I’m definitely not happy with this and my first question would be: can I keep the old way? I definitely want a time limit (as it is definitely safer, I feel) and I have no problems dealing with the occasional reactivation request. Frankly, I don’t trust the security of this without knowing a lot more about the techncial details and even then I find the time limit simple and very safe.

    by Gerben Wierda
    Jan 07th, 2018


    In addition: I would really like to see the possibility to have people only get download links via mail and not directly after a purchase.When they are directly moved from purchase to download, they may have entered a wrong email address and I cannot reach them for updates. So having th eemail address checked is important.

      by Jason@DPD
      Jan 17th, 2018


      This would be a new feature not related to activation, but doesn’t seem too hard to add. Please send us a support ticket with how you’d like this to work and we’ll see what we can do.

        by Gerben Wierda
        Jan 17th, 2018


        It’s simple. As it is now, people are able to enter a non-working email email address and still get their product (in my case a stamped PDF). Someone for instance put in info@paypal.com. Now, every time I send out update emails, etc. I spam info@paypal.com. I cannot reach the customer to tell him he is entitled to a free upgrade etc. So, what I would like is to be able to set the sale process to work with an email always and not go directly from purchase to download. That way I am certain that the email entered is legit. It also weakens the ‘social protection’ of PDF stamping (which works great). I might not want this for free products or unstamped products, so it is a per-product setting, not a per-store.

        The new time limit on device-based download activation is great, btw

Leave a Response