How do I validate a license key with ValidonX?

Send a POST request to /api/v1/integration/licenses/{licenseKey}/validate with your X-API-Key header. The response includes valid (boolean), license status, expiry date, and entitlements as a flexible JSON key-value object.

ValidonX is a multi-tenant SaaS licensing platform that provides license key validation, device activation tracking, entitlement enforcement, and usage metering via a REST API. Software vendors use it to manage licensing for their products.

How do ValidonX entitlements work?

Entitlements are a flexible JSON key-value store on each license. You define whatever keys make sense for your product (e.g., {"plan": "pro", "domains": 5, "api.access": true}). They are returned in the license validation response and can also be checked via the /entitlements/check endpoint.

What programming languages does ValidonX support?

ValidonX provides a REST API that works with any language. Official SDK examples and copy-paste client classes are provided for PHP, JavaScript/Node.js, Python, and cURL. The API uses standard JSON over HTTPS.

How much does ValidonX cost?

ValidonX offers a free Starter tier (1 product, 100 license keys, 10,000 API calls/month), a Pro tier at $49/month (5 products, unlimited keys, 100,000 API calls/month), and custom Enterprise pricing with unlimited everything and dedicated database.

Authentication Overview

Last updated: Phase 8.5

ValidonX supports two authentication methods depending on your use case:

Method	Use Case	Header	Audience
API Key	Integration API (license validation, activations, usage)	`X-API-Key`	External applications, SDKs
Bearer Token	Tenant Dashboard, Admin Dashboard, Billing Portal	`Authorization: Bearer {token}`	Authenticated users

API Key Authentication

For server-to-server integration (license validation, activation, entitlement checks, usage reporting):

POST /api/v1/integration/licenses/{key}/validate
X-API-Key: vx_abc123def456...
Content-Type: application/json

API keys are tenant-scoped. Each key resolves to exactly one tenant. Keys are hashed with HMAC-SHA256 before storage — the raw key is shown only once at creation time.

See API Keys for details.

Bearer Token Authentication

For dashboard and portal access:

GET /api/v1/tenant/products
Authorization: Bearer 1|abc123...
X-Tenant-ID: tenant-uuid
Content-Type: application/json

Tokens are issued via POST /api/auth/login and carry ability scopes (admin or tenant).

See Token Auth for details.

Required Headers

All requests should include:

Header	Required	Description
`Content-Type`	Yes	`application/json`
`X-API-Key`	Integration API only	Your API key
`Authorization`	Dashboard/portal only	`Bearer {token}`
`X-Tenant-ID`	Multi-tenant users only	Tenant UUID (auto-selected for single-tenant users)
`X-Request-ID`	Recommended	UUID for request tracing

Response Headers

All responses include:

Header	Description
`X-ValidonX-API-Version`	Always `1`
`X-Request-ID`	Request trace ID (echoed from request or generated)
`X-RateLimit-Limit`	Rate limit ceiling (integration API)
`X-RateLimit-Remaining`	Remaining requests
`X-RateLimit-Reset`	Unix timestamp when limit resets

Authentication Overview ​

API Key Authentication ​

Bearer Token Authentication ​

Required Headers ​

Response Headers ​

Authentication Overview

API Key Authentication

Bearer Token Authentication

Required Headers

Response Headers