If you encounter the error above after entering your Personal Token into the Product Registration field, you may have missed a step in generating your Personal Token. Please continue reading below for the likely causes of why your Personal Token may be invalid. If you’ve checked all the likely causes below and you’re still getting the ‘Invalid Token’ error, please open a support ticket so our team can have a look.
The token doesn’t have access to the required permissions. When generating a new token, make sure the following Permissions are checked: View Your Envato Account Username, Download Your Purchased Items, Verify Purchases You’ve Made and List Purchases You’ve Made. We require these permissions in order to verify if your purchase is valid and to be able to download automatic updates for the theme. If you’re already using an existing Personal Token, you can go to your ‘My Apps’ page and edit the token’s permissions from there. Simply click the ‘Edit’ button and check the required permissions.
Missing characters when copied from ThemeForest. When copying your Personal Token key, make sure you don’t miss any characters. If you’re copying your Personal Token from a text editor program like MS Word or Notepad, make sure you don’t copy any extra characters such as spaces, as well.
The personal token in use has been deleted. Make sure the Personal Token you’re using still exists in your ‘My Apps’ page. If it has been deleted or no longer exists, you’ll need to generate a new Personal Token and use that in your Product Registration instead.
Token in use is registered under the wrong ThemeForest account. If you have access to multiple ThemeForest accounts, make sure you’re logged into the correct account that you’ve purchased the theme with. Generating a Personal Token using an account that doesn’t have purchased will render the token invalid when used in the Product Registration field.
The server is blocked for external CURL calls. This needs to be checked with your hosting service since this configuration cannot be modified without administrator access to the machine. We'd suggest you get in touch with them and ask if there any restrictions on CURL calls or even firewall rules to block outgoing requests like that.