Everything you need to ship licensing
From license validation to usage metering — the full lifecycle behind one Integration API, so you integrate once and never build licensing plumbing again.
Integration API
License Validation
POST /v1/integration/licenses/{key}/validate — real-time validation with status, expiry, and entitlement checks. Returns structured JSON envelopes with request tracking. One call tells your app whether the license is valid, active, and within its limits.
Activation Management
POST /v1/integration/activations — create and validate per-device activations. Built-in idempotency (same license + instance returns existing activation). So a shared or leaked key can't exceed its device limit.
Entitlement Checking
POST /v1/integration/entitlements/check — boolean and metered entitlement checks against the license entitlements JSON. Gate features and usage limits without shipping a new release.
Usage Recording
POST /v1/integration/usage/record — record metered usage events with an optional X-Idempotency-Key header. Meter exactly what you bill for, with retries that never double-count.
Platform
Tenant Provisioning
13-stage idempotent pipeline: validate, create DB, migrate, seed config, subscription, entitlements, usage counters, branding, API key, webhooks, audit, health check, license issuance. New customers go live in seconds, not a manual setup ticket.
Tenant Resolution
Middleware-based resolution via X-API-Key (Integration API) or Bearer token + X-Tenant-ID (Dashboard). One key routes each request to the right customer's data, automatically — no global state.
Dashboard
Admin Dashboard
Full admin console: tenant management, lifecycle actions (suspend/reactivate/close), platform metrics, audit logs, product catalog, feature flags, billing operations. Run the whole platform without touching the database.
Tenant Dashboard
Self-service portal: products, licenses, activations, entitlements, API keys, settings, billing invoices, subscription management, payment methods. Your customers self-serve, cutting your support load.
Security
Rate Limiting
Per-API-key rate limiting with X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset headers. 429 responses with Retry-After. Abusive traffic is contained before it touches your service.
Audit Logging
Every state mutation logged to platform audit_logs: structured event codes (ACTIVATION.CREATED, LICENSE.VALIDATED, USAGE.RECORDED), severity levels, tenant context. Answer "who changed what, when" for any compliance review.
Error Taxonomy
ADR-009 compliant error envelopes: { error: { code, message, type, status }, meta: { request_id, api_version } }. Branch your integration on a stable code instead of parsing prose — and no stack traces leak.
HMAC-SHA256 Key Hashing
API keys hashed with HMAC-SHA256 using APP_KEY. Never stored in plaintext. Constant-time comparison via hash_equals(). A database breach never exposes a usable key.
Everything you need, behind one API
Start free and integrate license validation in minutes.
Free forever plan · No credit card required · Start in minutes