Developer-friendly SDKs and REST API
Python and JavaScript SDKs, a full REST API, and Ed25519-signed tokens for offline validation. Integrate licensing in minutes.
1. Setup
Create a product and plan via the admin dashboard or API. The system generates an Ed25519 keypair — the private key signs licenses, the public key enables offline validation.
2. Issue
Issue licenses tied to a plan using the API or admin dashboard. Each license gets a signed JWT token containing the full license payload, verifiable offline with the public key.
3. Validate
Validate online (server checks status, expiry, devices, geo, rate limits) or offline (local Ed25519 verification of the signed token — no server call required).
SDKs
Client libraries for Python and JavaScript. Both handle authentication, online validation, and offline token decoding.
Python SDK
pip install licensing-sdkPython 3.9+ client with async support. Handles online validation, offline token decoding, and device fingerprinting.
from licensing_sdk import LicenseClient
client = LicenseClient(
server_url="https://your-server.com",
api_key="lsk_..."
)
# Online validation
result = client.validate("license-key-here")
if result.valid:
print("Valid until:", result.payload.expires_at)
# Offline decode (no server call)
decoded = client.decode("signed-token-here")
print("Features:", decoded.features)
JavaScript SDK
npm install licensing-sdkES module for Node.js and browser. Lightweight (no runtime dependencies) — uses native fetch for API calls.
import { LicenseClient } from 'licensing-sdk';
const client = new LicenseClient({
serverUrl: 'https://your-server.com',
apiKey: 'lsk_...'
});
const result = await client.validate('license-key-here');
if (result.valid) {
console.log('Valid until:', result.payload.expires_at);
}
Authentication
All API requests require authentication. Two token types are used depending on the operation.
lsk_, generated from the admin dashboard. Used for server-to-server calls: creating products, issuing licenses, managing customers. Sent as Authorization: Bearer lsk_... header.POST /v1/auth/login using email + API key. Expires after 24 hours. Used for admin dashboard sessions and client-side portal operations.REST API Reference
All endpoints are versioned under /v1/, return JSON, and accept Content-Type: application/json.
Auth
Products
Plans
perpetual, subscription, trial, floating, node_locked, or usage_based.Licenses
Customers
Admin & Security
Billing
Webhooks
Health
Offline Validation (Ed25519 Signed Tokens)
Licenses are issued as signed JWT tokens. Each token contains the full license payload and an Ed25519 signature. Your application can verify the token locally using the public key — no server call required. This is ideal for air-gapped environments, low-latency checks, or reducing server load.
# Token format (compact JSON, ~500 bytes)
{"payload":{"license_id":"...","status":"active",...},"sig":"<64-byte-hex-signature>"}
# Verification flow
# 1. Extract payload and signature from the token
# 2. Verify Ed25519 signature using the public key
# 3. Check expiry, status, and features locally
# 4. Accept or reject the license without a network call
Ready to integrate?
Choose a plan, deploy the server, and start issuing licenses in minutes.