I actually had a similar situation more recently (but with mobile apps, not games). Also asked a user to enter program-generated key when making a purchase. I don't think it's a huge problem if you explain where this key is shown inside the app. Speaking of distraction-free "buy now" webpage a reasonable solution I came up with the following solution: just ask for user e-mail (it's already provided by systems like PayPal anyway). Generate a random "user id" (better make it numeric) and send it to the user's e-mail along with activation instructions. Then user must go to another webpage on your site and enter 3 pieces of information: e-mail, id and the program key (the last one must be shown by the application). This page, if all goes well (the info is checked against the database records), generates an activation key to be entered to activate the program, which is also e-mailed (not just displayed on the webpage). This way you can control the piracy issue (because everything goes via e-mail, and also know/conrtol # of activations per user, since last step can be performed multiple times).