I've written a 3rd party JS application which I want to start selling to customers. I've been thinking of a pay-per-deployed-site charging scenario. The customer makes the purchase and gets a piece of HTML+JS to embed on their site that loads the actual JS application.
Is there a reliable way in which I can make sure the customer only uses the application on the sites they payed for (they can easily just paste the above-mentioned code anywhere)?
This is the only solution that came to my mind:
- Check the address of the originating site using
window.location.href - Send it with every request the JS application makes to my server
- Compare it with a list of purchased sites registered by the customer upon the application purchase and block the application if the site is not recognized
However, such approach at first glance does not seem very reliable to me - e.g. I might have trouble if the customer's site is available under multiple addresses.
Any ideas or even inspiration on where to research further are very welcome (my current googling has been pretty futile so far).