Skip to content

Activation Lifecycle

An activation is a license key bound to a specific device or environment; ValidonX tracks each one to enforce per-license device limits and give you usage visibility. Every activation moves through a small set of lifecycle states, described below.

Lifecycle States

License Issued → Activation Created → Activation Validated → (Activation Revoked)

Creating an Activation

Endpoint: POST /api/v1/integration/activations

instance_id is required — it is the seat identity, so send a stable, unique value your app generates per install. device_fingerprint is optional but recommended — a hash of hardware identifiers recorded with the activation. Because instance_id is client-chosen, a hardware-derived fingerprint gives each seat an auditable device identity, so seat-sharing and device-hopping are detectable in your activation records.

bash
curl -X POST https://api.validonx.com/api/v1/integration/activations \
  -H "X-API-Key: vx_your-api-key" \
  -H "Content-Type: application/json" \
  -d '{
    "license_key": "XXXX-XXXX-XXXX-XXXX",
    "instance_id": "app-instance-unique-id",
    "device_fingerprint": "sha256-of-hardware-identifiers",
    "metadata": {
      "os": "Windows 11",
      "app_version": "2.1.0",
      "hostname": "workstation-01"
    }
  }'

Response (201):

json
{
  "data": {
    "activation": {
      "id": "uuid",
      "license_key_id": "uuid",
      "instance_id": "app-instance-unique-id",
      "device_fingerprint": "sha256-of-hardware-identifiers",
      "status": "active",
      "activated_at": "2026-04-03T10:00:00+00:00",
      "created_at": "2026-04-03T10:00:00+00:00"
    }
  },
  "meta": { "request_id": "uuid", "api_version": "1" }
}

Validating an Activation

Endpoint: POST /api/v1/integration/activations/{activationId}/validate

Use this to verify an activation is still valid (not revoked, license not expired).

bash
curl -X POST https://api.validonx.com/api/v1/integration/activations/{id}/validate \
  -H "X-API-Key: vx_your-api-key"

Idempotency

Creating an activation with the same license_key + instance_id combination returns the existing activation rather than creating a duplicate. This makes the endpoint safe to retry.

Activation Limits

Each license has a maximum number of activations (configurable, default 10). When the limit is reached, new activation requests return 403 ACTIVATION.LIMIT_EXCEEDED.

PlanDefault Max Activations
Starter10 per license
Pro50 per license
EnterpriseConfigurable

Best Practices

  1. Use a stable instance_id and a real device_fingerprint: the instance_id is your per-install seat identity (keep it stable and hard to share); the optional device_fingerprint should be a combination of hardware identifiers (CPU ID, disk serial, MAC address) hashed together, so each seat has an auditable hardware identity and seat-sharing shows up in your records
  2. Validate on startup: Check activation validity when your application starts
  3. Handle gracefully: If activation fails, show a user-friendly message with instructions
  4. Include metadata: OS, app version, and hostname help with debugging and analytics