← Back to blog

July 9, 2026 · 8 min read

How to Revoke a License Key (2026)

Every licensing system eventually has to turn a license off after it has been issued — a refund, a chargeback, a leaked key, a contract that ended early. The hard part is not flipping a flag; it is making "off" actually stick, fast, even for software that verifies offline. This is how license revocation works: why you need it, how fast it can take effect for opaque and signed licenses, the strategies for each, and what a revoked license should really do.

Why you revoke — beyond expiry

Expiry ends access on a schedule you planned for. Revocation ends it out of cycle, because something changed:

  • Refunds and chargebacks — the customer no longer paid for what the key grants.
  • Fraud and abuse — a key is being used in ways your terms forbid, or was issued on a fraudulent payment.
  • Leaked or shared keys — a credential ended up somewhere public and needs to stop working now.
  • Contract termination — an enterprise deal ended before the paid term you would otherwise let run to expiry.
  • Compromised agent credentials — an automated client's key leaked and could burn spend fast; the same instinct as revoking a compromised key in agent licensing.

The core question: how fast does "off" take effect?

Revocation speed is decided by where a license's validity is checked. An opaque key is a random string whose status lives in the licensing server; every validation reads live state, so flipping the key to revoked makes the very next check fail. A signed JWT license is verified offline against a public key and carries its own validity, so it cannot be un-signed — it stays valid until it expires. That is the revocation-vs-offline trade-off at the heart of JWT vs opaque license keys: instant revocation and pure offline verification pull in opposite directions.

Revocation strategies

StrategyHow it worksSpeed / scope
Status flip (opaque)Mark the key revoked server-side; every validate reads live stateInstant, per key — the default for online software
Short TTL (signed JWT)Issue tokens that expire in hours to days; a revoked license stops working when the current token lapsesBounded lag, per key — works fully offline
Denylist / CRLOnline clients check a revoked-token list before trusting a JWTNear-instant, per key — but reintroduces a network check
Signing-key rotation (JWKS)Rotate the signing key so every token signed with the old key fails at onceInstant but blunt — mass revocation, then re-issue

Most products combine them: opaque keys for online products that need instant kill, short-TTL signed licenses for offline software, a denylist for the occasionally-connected middle, and key rotation held in reserve for a breach.

What a revoked license should do

"Revoked" is more than a boolean. A well-behaved revocation:

  • Fails validation with a reason. The next check returns not-valid and a machine-readable reason, so your software can show "license revoked — contact support" rather than a generic error.
  • Releases activations. Devices bound to the license lose access on their next check and the freed seats can be reassigned — revocation should cascade, not orphan.
  • Chooses a cutoff policy. A hard cutoff blocks immediately; a short grace window is kinder for billing-related revocations you might reverse.
  • Is idempotent. Revoking an already-revoked key is a no-op, not an error — retries and duplicate webhooks must not break.

Revocation is an audit event

Turning a license off is exactly the kind of action you will need to explain later — to a customer disputing a chargeback, to a security review, or to yourself six months on. Record every revocation as an event: who did it, when, and why. That trail is evidence in a payment dispute and part of a defensible security and compliance posture — see audit trails for a licensing system for what to log and how to keep it trustworthy. It is the same discipline as any other compliance-sensitive licensing action.

Revoke vs. expire vs. suspend

Three different tools that are easy to conflate. Expire ends access at a planned time (a trial, a paid term). Revoke is a permanent, out-of-cycle kill (refund, fraud, breach). Suspend is a reversible pause — the right tool for dunning, where a failed payment should restore access the instant it clears rather than force a brand-new license. Picking the right one keeps your license lifecycle honest and your customers unsurprised.

Build vs. buy

Revocation looks trivial — flip a flag — until you account for cascading to activations, reasons and cutoff policies, idempotent handling of retried webhooks, offline TTL windows, denylists, key rotation, and an audit trail that stands up in a dispute. ValidonX handles this as part of the license lifecycle: opaque keys revoke instantly on the next validation, Ed25519-signed JWT licenses use a short 96-hour TTL so even offline software stops within days, revocation cascades to device activations, and every revocation is recorded. It is the same model behind licensing as a service — the lifecycle, not just the key.

Frequently asked questions

What does it mean to revoke a license key?

Revoking a license key turns it off after it has been issued, so validation stops succeeding — separate from letting it lapse at its expiry date. You revoke when a customer refunds or charges back, when a key is leaked or abused, when a contract ends early, or when fraud is detected. A good revocation is immediate and durable: the next validation returns not-valid with a reason, and any devices bound to the license lose access.

How do you instantly revoke a license?

Instant revocation needs the check to consult live server state. With an opaque key — a random string whose status lives in the licensing database — you flip the key to revoked and the very next validation call fails, because every check reads current state. That is the main advantage of opaque keys over self-contained signed tokens, which carry their own validity and cannot be un-signed after the fact.

Can you revoke a signed JWT license?

Not instantly, because a signed JWT is verified offline against a public key and stays cryptographically valid until it expires. You bound the exposure three ways: keep the TTL short (hours to days) so a revoked license stops working on its own soon after; publish a denylist that online clients check; or, for mass revocation, rotate the signing key so every token signed with the old key fails at once. If you need truly instant revocation for a product, use opaque keys for it instead.

What happens to active devices when you revoke a license?

Revocation should cascade to activations. When you revoke the license, release the device activations bound to it so the freed seats can be reassigned and the revoked devices fail their next check. Decide the cutoff policy deliberately: a hard cutoff blocks immediately, while a short grace period is friendlier for accidental or billing-related revocations you might reverse. Either way, record the revocation as an event you can audit later.

When should you revoke a license versus letting it expire?

Expire when access should end on a schedule — a trial or a term you already priced in. Revoke when access must end now, out of cycle: a refund, chargeback, detected fraud, a leaked key, or a broken contract. A third option, suspend, is a reversible pause — useful for dunning, where you want to restore access the moment a failed payment clears rather than re-issue a new license.

Need to revoke keys the moment a refund or breach hits? Start free — issue a license, then revoke it and watch the next validation fail, in minutes, no credit card.

We use essential cookies for authentication and session management. Privacy Policy