Skip to main content

PayForm Blog

Protect your content inside a PayForm Members Area

Posted on
protect your content

PayForm offers a simple way to protect the content you serve to your customers inside a Members Area. This way, only people who is currently paying for your product or service will be allowed to see this content. While you may needs some coding skills to implement this in your own website, we are also including an example using PHP that you can copy and paste into the pages you want to protect.

How to protect your content using the client_id and client_verify parameters

The first step is to enable a content protection method in the Manage content tab. While POST is the preferred method, we have seen that some server configurations don’t allow POST requests. We recommend you to try with POST first and see if it causes any disruption in your server.

Protect your content in the manage content editor inside the members area

After this setting is enabled, PayForm automatically sends two parameters, client_id and client_verify, every time a customer opens this section. With these two parameters you can validate if the request actually comes from PayForm and if you are safe to display your content.

Example of content protection using PHP

We are going to show a small example on how to protect your content using PayForm’s members area and PHP. This simple code can be used as a copy and paste solution for most PHP based sites, still, some backend knowledge can help you do amazing things.

   if (!isset($_REQUEST['client_id']) || !isset($_REQUEST['client_verify'])) {
      die("Content only available inside the members area");
   // send the data back to PayForm
   $info = json_decode(file_get_contents("" . $_REQUEST['client_id'] . "&client_verify=" . $_REQUEST['client_verify']));
   if ($info->status == "unverified") {
      die("Verification failed");

   if ($info->customer->status !== "active" && $info->customer->status !== "trialing") {
      die("Please check your payment status");

   // you are safe to show your content here

How does content protection work behind the scenes?

Now the technical explanation. What this codes does, is to send both client_id and client_verify back to PayForm, using GET, to the following endpoint:

The simplest way to send both parameters is using GET (like in the previous example). Also, we can send these parameters using POST. Returning to the previous example, we made our backend call the following URL:<my_client_id>&client_verify=<my_client_verify>

Once we send both parameters to our endpoint, PayForm will return back a JSON encoded response including the verification status of the query, and relevant information about this customer. For this reason, we recommend that you call this endpoint using your backend.

The format of the response is the following:

     "status": "verified",
     "customer": {
          "id": "00000000-0000-0000-0000-000000000000",
          "email": "",
          "status": "active",
          "start_date": "2021-01-01 00:00:00",
          "form_information": {
               "Name": "John Doe"
          "payment_information": {
               "payment_recurrence": "none",
               "payment_plan": "Test plan",
               "payment_method": "stripe",
               "payment_subscription": "",
               "payment_amount": "99",
               "payment_currency": "usd"
         "test_mode": true

In case the user was not able to be verified, the response will be different. In this case it would be like this:

     "status": "unverified",
     "error": "Cause of error"

Feel free to explore the flexibility for protecting content that the new members area has to offer to your business. If you have any doubts about this implementation, feel free to contact support anytime.

Join entrepreneurs in over 30 countries

People all over the world trust PayForm for selling services and digital content online.

Start a free 7-day trial