Developer-friendly SDKs and REST API

Python and JavaScript SDKs, a full REST API, and Ed25519-signed tokens for offline validation. Integrate licensing in minutes.

🔧

1. Setup

Create a product and plan via the admin dashboard or API. The system generates an Ed25519 keypair — the private key signs licenses, the public key enables offline validation.

🔒

2. Issue

Issue licenses tied to a plan using the API or admin dashboard. Each license gets a signed JWT token containing the full license payload, verifiable offline with the public key.

🔄

3. Validate

Validate online (server checks status, expiry, devices, geo, rate limits) or offline (local Ed25519 verification of the signed token — no server call required).

SDKs

Client libraries for Python and JavaScript. Both handle authentication, online validation, and offline token decoding.

🐍

Python SDK

pip install licensing-sdk

Python 3.9+ client with async support. Handles online validation, offline token decoding, and device fingerprinting.

validate() decode() offline capable
from licensing_sdk import LicenseClient

client = LicenseClient(
    server_url="https://your-server.com",
    api_key="lsk_..."
)

# Online validation
result = client.validate("license-key-here")
if result.valid:
    print("Valid until:", result.payload.expires_at)

# Offline decode (no server call)
decoded = client.decode("signed-token-here")
print("Features:", decoded.features)
📈

JavaScript SDK

npm install licensing-sdk

ES module for Node.js and browser. Lightweight (no runtime dependencies) — uses native fetch for API calls.

validate() decode() browser ready
import { LicenseClient } from 'licensing-sdk';

const client = new LicenseClient({
  serverUrl: 'https://your-server.com',
  apiKey: 'lsk_...'
});

const result = await client.validate('license-key-here');
if (result.valid) {
  console.log('Valid until:', result.payload.expires_at);
}

Authentication

All API requests require authentication. Two token types are used depending on the operation.

API KEY
Vendor API key — prefixed lsk_, generated from the admin dashboard. Used for server-to-server calls: creating products, issuing licenses, managing customers. Sent as Authorization: Bearer lsk_... header.
JWT
Session token — returned by POST /v1/auth/login using email + API key. Expires after 24 hours. Used for admin dashboard sessions and client-side portal operations.

REST API Reference

All endpoints are versioned under /v1/, return JSON, and accept Content-Type: application/json.

Auth

POST/v1/auth/login
Authenticate with email and API key. Returns a JWT session token (expires 24h).
POST/v1/auth/api-key/generate
Generate a new vendor API key. Requires existing valid API key or JWT session.

Products

POST/v1/products
Create a new product. Each product can have multiple plans with different license models.
GET/v1/products
List all products with plan counts.
GET/v1/products/{id}
Get product details including associated plans.
DELETE/v1/products/{id}
Delete a product and its plans.

Plans

POST/v1/plans
Create a plan with a specific license model: perpetual, subscription, trial, floating, node_locked, or usage_based.
GET/v1/plans/{id}
Get plan details including pricing and duration.
DELETE/v1/plans/{id}
Delete a plan.

Licenses

POST/v1/licenses
Issue a new license to a customer for a given plan. Returns the signed license token.
GET/v1/licenses
List all licenses with status and device counts.
POST/v1/licenses/validate
Validate a license key. Server checks status, expiry, geo-restriction, IP ban, device limit, and clock skew. Returns signed token payload.
POST/v1/licenses/{id}/revoke
Revoke a license. Revoked licenses fail all future validation checks.

Customers

GET/v1/customers
List all customers.
POST/v1/customers
Add a new customer (email, name).
GET/v1/customers/{id}
Get customer details and their licenses.

Admin & Security

GET/v1/admin/stats
Dashboard statistics — product, customer, and license counts.
POST/v1/admin/ip-ban
Ban an IP address (duration in minutes or permanent).
PUT/v1/admin/geo-restriction
Set allowed countries for license validation (ISO alpha-2 codes).
GET/v1/admin/audit-log
View the immutable audit trail of all license operations.

Billing

GET/v1/vendor/billing/plan
Get current vendor billing tier and status (Starter, Growth, Enterprise).
GET/v1/vendor/billing/invoices
List past invoices.

Webhooks

POST/v1/webhooks/revolut
Revolut Pay webhook receiver — handles payment confirmations, refunds, and mandate events.
POST/v1/webhooks/vendor/receive
Vendor billing webhook receiver — auto-issue licenses when vendor confirms payment via their own provider.

Health

GET/v1/health
Health check — returns server status and DB connection state.

Offline Validation (Ed25519 Signed Tokens)

Licenses are issued as signed JWT tokens. Each token contains the full license payload and an Ed25519 signature. Your application can verify the token locally using the public key — no server call required. This is ideal for air-gapped environments, low-latency checks, or reducing server load.

# Token format (compact JSON, ~500 bytes)
{"payload":{"license_id":"...","status":"active",...},"sig":"<64-byte-hex-signature>"}

# Verification flow
# 1. Extract payload and signature from the token
# 2. Verify Ed25519 signature using the public key
# 3. Check expiry, status, and features locally
# 4. Accept or reject the license without a network call

Ready to integrate?

Choose a plan, deploy the server, and start issuing licenses in minutes.