Eggy CodeVault - Instant Code Delivery API is a self-contained PHP script for managing imported code inventories and assigning one unused code to an order through simple JSON API endpoints.

Demo User:  [email protected]
Demo Pass:  password

It is designed for sellers who already own legitimate batches of codes, such as software license codes, voucher codes, coupon codes, access codes, serial numbers or activation codes, and need a lightweight way to import them, track stock and return one code when their existing order system calls the API.
The script does not require MySQL, MariaDB or SQLite. It uses guarded app-local storage files inside the included storage-data folder. The storage-data folder must be writable by PHP.
How it works:

1. Create a product inside the admin panel.
2. Import your owned codes for that product.
3. Create an API key.
4. Connect your existing checkout, webhook handler or custom order system to the assign-code API endpoint.
5. When an order is completed, your system calls the API.
6. CodeVault assigns one unused code to that order and records the assignment.

Included admin features:

• Product management
• Code import by pasted list or CSV/TXT upload
• Code inventory view
• Stock tracking
• Assignment logs
• API key management
• CSV export tools
• JSON backup export
• Settings page
• Storage safety guidance
• Public landing page
• API documentation page

Included API endpoints:

• Assign one unused code to an order
• Check stock for one product
• View stock for active products
• Verify whether a code exists in the system
• Reserve a code before final assignment
• Release a reservation
• Mark an assigned code as used
• Test a configured product webhook URL

The assign-code endpoint uses product and order details so repeated calls for the same order can return the existing assignment instead of issuing a different code.
Important buyer notes:
This script does not include a built-in checkout or payment gateway. It is intended to be connected to your existing checkout, webhook handler, order system or custom script using the included API endpoints.
This script does not generate new license keys or codes automatically. It manages and assigns codes that you import into the system.
This script is not a DRM system, license validation server or marketplace integration. It is a lightweight PHP code inventory and assignment tool.
Default admin credentials are included for first login and must be changed before live use. The default demo API key should also be replaced with a new production API key before connecting real orders.
Main benefits:

• No database setup required
• Simple PHP upload structure
• API-based code assignment
• One unused code assigned per order
• Reservation and release support
• Stock checking endpoint
• Assignment history
• CSV export tools
• JSON backup export
• Included setup and API documentation

Eggy CodeVault is best suited for small digital sellers, software sellers, voucher sellers and developers who need a simple PHP-based way to manage imported code stock and assign one unused code per completed order.

• No MySQL, MariaDB or SQLite required
• Self-contained PHP script
• App-local guarded PHP storage files
• Writable storage-data folder for live data
• Optional CODEVAULT_STORAGE_PATH support for advanced custom storage
• Admin login system
• Password change from admin settings
• Admin dashboard with product, code, assignment and API key totals
• Product management
• Product name, slug, description and status fields
• Low-stock threshold per product
• Optional delivery note field per product
• Optional webhook URL field per product
• Product slug protection after related records exist
• Code import by pasted list
• Code import by CSV or TXT upload
• One-code-per-line and comma-separated import support
• Global duplicate-code skipping during import
• Batch name support for imported codes
• Code inventory page
• Filter codes by product
• Filter codes by status
• Search codes by code value, order ID or buyer email
• Code statuses: available, reserved, assigned, used and disabled
• Safe manual code status controls
• Available codes can be disabled
• Disabled codes can be made available again
• Assigned codes can be marked as used
• Assigned and used codes cannot be manually returned to available stock
• CSV export for code inventory
• Assignment log page
• Assignment search by product, order, buyer or code
• Assignment CSV export
• API key creation
• API key revocation
• API key prefix display
• API key usage count tracking
• API key last-used tracking
• Bearer token API authentication
• Fallback X-API-Key / api_key support in the API authentication helper
• Configurable API rate limit per minute
• JSON API responses
• API error responses with clear error codes
• Assign-code API endpoint
• One unused code assigned per product/order
• Idempotent order handling for repeated assign-code calls
• Buyer email stored with assignments when provided
• Metadata support on assign-code requests
• Stock check API endpoint for one product
• Product stock API endpoint for all active products
• Verify-code API endpoint
• Reservation API endpoint
• Reservation release API endpoint
• Configurable reservation duration
• Expired reservation cleanup
• Assign-code finalises an existing reservation for the same product and order
• Reserved code values are not revealed until final assignment
• Mark-used API endpoint
• Webhook test API endpoint for a configured product webhook URL
• Public landing page
• Public code verification form
• Public API documentation page with curl examples
• Copy buttons for API examples
• Included text API reference
• Included installation guide
• Included security notes
• Included webhook usage notes
• Included storage protection notes
• JSON backup creation from the admin area
• Downloadable backup files
• Storage health check on the backup page
• Storage safety check page
• Direct-access storage safety guidance
• Included .htaccess and index.html protection files for storage folders
• Guarded .store.php storage format to reduce accidental JSON exposure
• CSRF protection on admin forms
• password_hash and password_verify for admin password handling
• Session regeneration after successful admin login
• API endpoints avoid starting the admin session
• File locking with flock during assignment and reservation operations
• Atomic storage writes using temporary files and rename
• Demo products, demo codes and a demo API key included for initial testing
• Dark responsive admin and public interface
• 404 page included
• README, changelog and final release notes included

• PHP 8.1 or later
• Web server with PHP support
• PHP JSON support enabled
• PHP sessions enabled for admin login
• Standard PHP file functions enabled
• PHP must be able to create, read, write, rename and lock local files
• storage-data/ folder must be writable by PHP
• storage-data/backups/ folder must be writable by PHP if using the admin backup export feature
• PHP file_uploads must be enabled if using CSV/TXT upload import
• Outbound HTTP access / allow_url_fopen is only required if using the included webhook test endpoint
• Browser cookies must be enabled for admin login sessions
• HTTPS is recommended for live API use
• No MySQL, MariaDB or SQLite database required
• No Composer required
• No Node.js required
• No cron job required

Installation and Setup Instructions

1. Upload the full Eggy CodeVault package to your PHP hosting account.
2. Make sure the storage-data/ folder is writable by PHP. The storage-data/backups/ folder must also be writable if you want to use the admin backup export feature.
3. Open the script in your browser.
4. Go to the admin area:

/admin/

1. Log in with the default local testing admin account:

Email: [email protected]
Password: password

1. After logging in, go to Settings and change the admin password before using the script live.
2. Go to API Keys and create a new API key for production use.
3. Revoke or stop using the included demo API key before connecting real orders.
4. Go to Products and create or edit the product you want to deliver codes for. Each product uses a product slug, which is used by the API.
5. Go to Import Codes and import your owned codes for that product. Codes can be pasted as a list or uploaded using CSV/TXT import if file uploads are enabled on your server.
6. Check the Code Inventory page to confirm the codes were imported and are available.
7. Connect your existing checkout, webhook handler, cart system or custom order script to the API endpoint:

/api/assign-code.php

1. Send API requests using your API key as a bearer token:

Authorization: Bearer YOUR_API_KEY

1. When your own order system confirms payment, call the assign-code endpoint with the product slug, order ID and optional buyer email. CodeVault will assign one unused code and return it in the JSON response.
2. Your own checkout, webhook handler or order system is responsible for displaying or emailing the returned code to the buyer. CodeVault provides the code assignment API but does not include a built-in payment checkout or customer email delivery system.

Basic assign-code request example:
POST /api/assign-code.php
{
"product_slug": "your-product-slug",
"order_id": "ORDER-1001",
"buyer_email": "[email protected]"
}
The same product/order combination can be called again without issuing a different code, because the endpoint checks for an existing assignment for that order.
Optional API workflow:

• Use /api/check-stock.php to check stock for one product.
• Use /api/product-stock.php to view stock counts for active products.
• Use /api/reserve-code.php if your checkout flow needs to reserve a code before final assignment.
• Use /api/release-reservation.php to release a reservation if the order is not completed.
• Use /api/mark-used.php if your own system needs to mark an assigned code as used.
• Use /api/verify-code.php to check whether a code exists in the system.
• Use /api/webhook-test.php only if you have configured a product webhook URL and your server allows outbound HTTP requests.

Storage safety check:
After setup, confirm that direct access to guarded storage files does not show JSON data in the browser. For example:
/storage-data/settings.store.php
A safe result is a blank page, 403, 404 or blocked response. It should not display readable JSON data.
Backup:
Use the Backup page in the admin area to create downloadable JSON backups of the stored product, code, assignment and API data. The storage-data/backups/ folder must be writable by PHP for this feature.
Important live-use notes:

• Change the default admin password before production use.
• Create a new production API key before connecting real orders.
• Use HTTPS for live API requests.
• Only import codes you are legally allowed to sell or distribute.
• Do not use the included demo codes for real orders.
• Do not expose API keys publicly in frontend JavaScript.
• Do not enable public PHP error display on a live installation. ###li/li######li/li######li/li###