How do I validate a license key with ValidonX?

Send a POST request to /api/v1/integration/licenses/{licenseKey}/validate with your X-API-Key header. The response includes valid (boolean), license status, expiry date, and entitlements as a flexible JSON key-value object.

ValidonX is a multi-tenant SaaS licensing platform that provides license key validation, device activation tracking, entitlement enforcement, and usage metering via a REST API. Software vendors use it to manage licensing for their products.

How do ValidonX entitlements work?

Entitlements are a flexible JSON key-value store on each license. You define whatever keys make sense for your product (e.g., {"plan": "pro", "domains": 5, "api.access": true}). They are returned in the license validation response and can also be checked via the /entitlements/check endpoint.

What programming languages does ValidonX support?

ValidonX provides a REST API that works with any language. Official SDK examples and copy-paste client classes are provided for PHP, JavaScript/Node.js, Python, and cURL. The API uses standard JSON over HTTPS.

How much does ValidonX cost?

ValidonX offers a free Starter tier (1 product, 100 license keys, 10,000 API calls/month), a Pro tier at $49/month (5 products, unlimited keys, 100,000 API calls/month), and custom Enterprise pricing with unlimited everything and dedicated database.

Integration API Overview

The Integration API is the primary interface for external applications to validate licenses, manage activations, check entitlements, and report usage. All endpoints are authenticated via API key and rate-limited.

Base URL

https://api.validonx.com/api/v1/integration

Authentication

All requests require the X-API-Key header:

X-API-Key: vx_your_api_key_here

See API Key Authentication for details on obtaining and managing keys.

Endpoints

Method	Path	Description
POST	`/licenses/{licenseKey}/validate`	Validate a license key
POST	`/activations`	Create a device activation
POST	`/activations/{activationId}/validate`	Validate an existing activation
POST	`/entitlements/check`	Check feature entitlements
POST	`/usage/record`	Record usage metrics

Middleware Stack

Every request passes through:

ResolveTenantFromApiKey — resolves tenant from API key
EnforceRateLimit — enforces per-key rate limits (default: 1,000/hour)

Response Format

Success:

json

{
  "data": { ... },
  "meta": {
    "request_id": "uuid",
    "api_version": "1"
  }
}

Error:

json

{
  "error": {
    "code": "LICENSE.NOT_FOUND",
    "message": "License key not found.",
    "type": "license",
    "status": 404,
    "details": {}
  },
  "meta": {
    "request_id": "uuid",
    "api_version": "1"
  }
}

Rate Limits

1,000 requests per hour per API key. See Rate Limits.

Security Model

API keys are hashed with HMAC-SHA256 before storage
Raw keys are shown only once at creation
Each key is bound to one tenant
Suspended tenants are rejected with 403
All requests are rate-limited
last_used_at is updated on every request

Integration API Overview ​

Base URL ​

Authentication ​

Endpoints ​

Middleware Stack ​

Response Format ​

Rate Limits ​

Security Model ​