How do I validate a license key with ValidonX?

Send a POST request to /api/v1/integration/licenses/{licenseKey}/validate with your X-API-Key header. The response includes valid (boolean), license status, expiry date, and entitlements as a flexible JSON key-value object.

ValidonX is a multi-tenant SaaS licensing platform that provides license key validation, device activation tracking, entitlement enforcement, and usage metering via a REST API. Software vendors use it to manage licensing for their products.

How do ValidonX entitlements work?

Entitlements are a flexible JSON key-value store on each license. You define whatever keys make sense for your product (e.g., {"plan": "pro", "domains": 5, "api.access": true}). They are returned in the license validation response and can also be checked via the /entitlements/check endpoint.

What programming languages does ValidonX support?

ValidonX provides a REST API that works with any language. Official SDK examples and copy-paste client classes are provided for PHP, JavaScript/Node.js, Python, and cURL. The API uses standard JSON over HTTPS.

How much does ValidonX cost?

ValidonX offers a free Starter tier (1 product, 100 license keys, 10,000 API calls/month), a Pro tier at $49/month (5 products, unlimited keys, 100,000 API calls/month), and custom Enterprise pricing with unlimited everything and dedicated database.

Rate Limits

Last updated: Phase 8.5

Integration API

The Integration API (/api/v1/integration/*) enforces per-key rate limiting:

Setting	Default	Configurable
Requests per window	1,000	`VALIDONX_API_RATE_LIMIT_REQUESTS`
Window duration	3,600 seconds (1 hour)	`VALIDONX_API_RATE_LIMIT_PERIOD`

Rate limit key: api:{X-API-Key} (anonymous requests use api:anonymous).

Response Headers

Every Integration API response includes:

Header	Description
`X-RateLimit-Limit`	Maximum requests per window
`X-RateLimit-Remaining`	Requests remaining in current window
`X-RateLimit-Reset`	Unix timestamp when the window resets

When Exceeded

HTTP 429 Too Many Requests:

json

{
  "error": {
    "code": "RATE_LIMIT.EXCEEDED",
    "message": "Too many requests.",
    "status": 429,
    "type": "rate_limit",
    "details": {
      "limit": 1000,
      "reset": 3200
    }
  },
  "meta": {
    "request_id": "uuid",
    "api_version": "1"
  }
}

Additional headers on 429 responses:

Header	Description
`Retry-After`	Seconds until the limit resets
`X-RateLimit-Remaining`	`0`

The login endpoint (POST /api/auth/login) has a separate throttle:

Setting	Value
Max attempts	5
Decay period	60 seconds

Exceeding returns 429 Too Many Requests.

Admin and Tenant APIs

The Admin API (/api/v1/admin/*) and Tenant API (/api/v1/tenant/*) do not currently enforce per-request rate limits beyond Laravel's default throttling. These APIs are authenticated and intended for dashboard use, not high-volume automation.

Best Practices

Cache license validation results locally (recommended TTL: 5-15 minutes)
Use exponential backoff when receiving 429 responses
Monitor X-RateLimit-Remaining header to preemptively throttle
Contact support if you need higher limits for your use case

Rate Limits ​

Integration API ​

Response Headers ​

When Exceeded ​

Login Rate Limit ​

Admin and Tenant APIs ​

Best Practices ​