How do I validate a license key with ValidonX?

Send a POST request to /api/v1/integration/licenses/{licenseKey}/validate with your X-API-Key header. The response includes valid (boolean), license status, expiry date, and entitlements as a flexible JSON key-value object.

ValidonX is a multi-tenant SaaS licensing platform that provides license key validation, device activation tracking, entitlement enforcement, and usage metering via a REST API. Software vendors use it to manage licensing for their products.

How do ValidonX entitlements work?

Entitlements are a flexible JSON key-value store on each license. You define whatever keys make sense for your product (e.g., {"plan": "pro", "domains": 5, "api.access": true}). They are returned in the license validation response and can also be checked via the /entitlements/check endpoint.

What programming languages does ValidonX support?

ValidonX provides a REST API that works with any language. Official SDK examples and copy-paste client classes are provided for PHP, JavaScript/Node.js, Python, and cURL. The API uses standard JSON over HTTPS.

How much does ValidonX cost?

ValidonX offers a free Starter tier (1 product, 100 license keys, 10,000 API calls/month), a Pro tier at $49/month (5 products, unlimited keys, 100,000 API calls/month), and custom Enterprise pricing with unlimited everything and dedicated database.

Multi-Tenancy Architecture

ValidonX uses a database-per-tenant isolation model. Each tenant gets a dedicated MySQL database containing their licenses, activations, entitlements, and usage data. The platform database stores shared data: tenants, users, subscriptions, billing, and audit logs.

How It Works

┌─────────────────────────────────────┐
│         Platform Database           │
│  (validonx_platform)                │
│                                     │
│  tenants, users, admins, plans,     │
│  subscriptions, invoices, api_keys, │
│  audit_logs, webhook_endpoints      │
└─────────────────────────────────────┘
          │
          │ tenant_id foreign key
          │
    ┌─────┴─────┬──────────────┐
    ▼           ▼              ▼
┌──────────┐ ┌──────────┐ ┌──────────┐
│ Tenant A │ │ Tenant B │ │ Tenant C │
│ (vx_     │ │ (vx_     │ │ (vx_     │
│ tenant_  │ │ tenant_  │ │ tenant_  │
│ acme)    │ │ beta)    │ │ corp)    │
│          │ │          │ │          │
│ licenses │ │ licenses │ │ licenses │
│ activ.   │ │ activ.   │ │ activ.   │
│ entitl.  │ │ entitl.  │ │ entitl.  │
│ usage    │ │ usage    │ │ usage    │
└──────────┘ └──────────┘ └──────────┘

Tenant Resolution

Every API request is routed to the correct tenant database via middleware:

Integration API (/v1/integration/*): Resolved from X-API-Key header. The API key hash is looked up in the platform database to find the tenant.
Tenant API (/v1/tenant/*): Resolved from the authenticated user's Sanctum token. If a user belongs to multiple tenants, the X-Tenant-ID header selects which one.

Provisioning

New tenants go through a 12-stage idempotent pipeline:

Validate tenant record
Create isolated database
Run tenant migrations
Seed configuration defaults
Initialize subscription (plan-linked)
Initialize entitlements (plan-specific)
Initialize usage counters
Set branding defaults
Generate API key (HMAC-SHA256 hashed)
Create webhook endpoint placeholder
Emit audit event
Health check and status → active

Data Isolation Guarantees

Each tenant's data is in a separate database — no shared tables
Database connection is switched per-request via TenantDatabaseManager
API keys are scoped to a single tenant
Rate limits are enforced per-tenant and per-API-key
Audit logs include tenant_id for correlation

Multi-Tenancy Architecture ​

How It Works ​

Tenant Resolution ​

Provisioning ​

Data Isolation Guarantees ​

Multi-Tenancy Architecture

How It Works

Tenant Resolution

Provisioning

Data Isolation Guarantees