Activation Lifecycle
An activation is a license key bound to a specific device or environment; ValidonX tracks each one to enforce per-license device limits and give you usage visibility. Every activation moves through a small set of lifecycle states, described below.
Lifecycle States
License Issued → Activation Created → Activation Validated → (Activation Revoked)Creating an Activation
Endpoint: POST /api/v1/integration/activations
instance_id is required — it is the seat identity, so send a stable, unique value your app generates per install. device_fingerprint is optional but recommended — a hash of hardware identifiers recorded with the activation. Because instance_id is client-chosen, a hardware-derived fingerprint gives each seat an auditable device identity, so seat-sharing and device-hopping are detectable in your activation records.
curl -X POST https://api.validonx.com/api/v1/integration/activations \
-H "X-API-Key: vx_your-api-key" \
-H "Content-Type: application/json" \
-d '{
"license_key": "XXXX-XXXX-XXXX-XXXX",
"instance_id": "app-instance-unique-id",
"device_fingerprint": "sha256-of-hardware-identifiers",
"metadata": {
"os": "Windows 11",
"app_version": "2.1.0",
"hostname": "workstation-01"
}
}'Response (201):
{
"data": {
"activation": {
"id": "uuid",
"license_key_id": "uuid",
"instance_id": "app-instance-unique-id",
"device_fingerprint": "sha256-of-hardware-identifiers",
"status": "active",
"activated_at": "2026-04-03T10:00:00+00:00",
"created_at": "2026-04-03T10:00:00+00:00"
}
},
"meta": { "request_id": "uuid", "api_version": "1" }
}Validating an Activation
Endpoint: POST /api/v1/integration/activations/{activationId}/validate
Use this to verify an activation is still valid (not revoked, license not expired).
curl -X POST https://api.validonx.com/api/v1/integration/activations/{id}/validate \
-H "X-API-Key: vx_your-api-key"Idempotency
Creating an activation with the same license_key + instance_id combination returns the existing activation rather than creating a duplicate. This makes the endpoint safe to retry.
Activation Limits
Each license has a maximum number of activations (configurable, default 10). When the limit is reached, new activation requests return 403 ACTIVATION.LIMIT_EXCEEDED.
| Plan | Default Max Activations |
|---|---|
| Starter | 10 per license |
| Pro | 50 per license |
| Enterprise | Configurable |
Best Practices
- Use a stable
instance_idand a realdevice_fingerprint: theinstance_idis your per-install seat identity (keep it stable and hard to share); the optionaldevice_fingerprintshould be a combination of hardware identifiers (CPU ID, disk serial, MAC address) hashed together, so each seat has an auditable hardware identity and seat-sharing shows up in your records - Validate on startup: Check activation validity when your application starts
- Handle gracefully: If activation fails, show a user-friendly message with instructions
- Include metadata: OS, app version, and hostname help with debugging and analytics