How do I validate a license key with ValidonX?

Send a POST request to /api/v1/integration/licenses/{licenseKey}/validate with your X-API-Key header. The response includes valid (boolean), license status, expiry date, and entitlements as a flexible JSON key-value object.

ValidonX is a multi-tenant SaaS licensing platform that provides license key validation, device activation tracking, entitlement enforcement, and usage metering via a REST API. Software vendors use it to manage licensing for their products.

How do ValidonX entitlements work?

Entitlements are a flexible JSON key-value store on each license. You define whatever keys make sense for your product (e.g., {"plan": "pro", "domains": 5, "api.access": true}). They are returned in the license validation response and can also be checked via the /entitlements/check endpoint.

What programming languages does ValidonX support?

ValidonX provides a REST API that works with any language. Official SDK examples and copy-paste client classes are provided for PHP, JavaScript/Node.js, Python, and cURL. The API uses standard JSON over HTTPS.

How much does ValidonX cost?

ValidonX offers a free Starter tier (1 product, 100 license keys, 10,000 API calls/month), a Pro tier at $49/month (5 products, unlimited keys, 100,000 API calls/month), and custom Enterprise pricing with unlimited everything and dedicated database.

Tenant Resolution & Routing

Every request to the ValidonX API must be resolved to a specific tenant. This document explains how tenant resolution works and what headers are required.

Resolution Paths

Path 1: API Key Resolution (Integration API)

Used for: /v1/integration/* endpoints (license validation, activation, entitlements, usage)

Client → X-API-Key header → HMAC-SHA256 hash → api_keys table lookup → tenant

Required header: X-API-Key: VX-xxxxx...

The middleware:

Extracts X-API-Key from the request header
Hashes it with HMAC-SHA256 using the application key
Looks up the hash in the api_keys table
Validates the key is active and the tenant is active
Switches the database connection to the tenant's database
Binds the tenant to the request

Error responses:

401 AUTH.INVALID_API_KEY — missing, invalid, or revoked key
403 TENANT.STATUS.SUSPENDED — tenant is suspended

Path 2: User-Based Resolution (Tenant API)

Used for: /v1/tenant/*, /v1/billing/* endpoints

Client → Bearer token → Sanctum auth → user's tenants → X-Tenant-ID (if multiple)

Required header: Authorization: Bearer <token>Optional header: X-Tenant-ID: <uuid> (required if user belongs to multiple tenants)

The middleware:

Authenticates via Sanctum (auth:sanctum)
Loads the user's active tenants via the tenant_user pivot
If single tenant: auto-selects it
If multiple tenants: requires X-Tenant-ID header
Validates the selected tenant is active
Switches the database connection

Common Headers

Header	Required	Description
`X-API-Key`	Integration API	Tenant API key
`Authorization`	Tenant/Admin API	`Bearer <token>`
`X-Tenant-ID`	Multi-tenant users	UUID of target tenant
`X-Request-ID`	Optional	Request correlation ID (auto-generated if absent)

Rate Limit Headers (Response)

All Integration API responses include:

Header	Description
`X-RateLimit-Limit`	Max requests in current window
`X-RateLimit-Remaining`	Requests remaining
`X-RateLimit-Reset`	Unix timestamp when window resets
`Retry-After`	Seconds to wait (429 responses only)

Tenant Resolution & Routing ​

Resolution Paths ​

Path 1: API Key Resolution (Integration API) ​

Path 2: User-Based Resolution (Tenant API) ​

Common Headers ​