Everything you need to ship licensing

From license validation to usage metering — the full lifecycle behind one Integration API, so you integrate once and never build licensing plumbing again.

Integration API

I

License Validation

POST /v1/integration/licenses/{key}/validate — real-time validation with status, expiry, and entitlement checks. Returns structured JSON envelopes with request tracking. One call tells your app whether the license is valid, active, and within its limits.

I

Activation Management

POST /v1/integration/activations — create and validate per-device activations. Built-in idempotency (same license + instance returns existing activation). So a shared or leaked key can't exceed its device limit.

I

Entitlement Checking

POST /v1/integration/entitlements/check — boolean and metered entitlement checks against the license entitlements JSON. Gate features and usage limits without shipping a new release.

I

Usage Recording

POST /v1/integration/usage/record — record metered usage events with an optional X-Idempotency-Key header. Meter exactly what you bill for, with retries that never double-count.

Platform

P

Tenant Provisioning

13-stage idempotent pipeline: validate, create DB, migrate, seed config, subscription, entitlements, usage counters, branding, API key, webhooks, audit, health check, license issuance. New customers go live in seconds, not a manual setup ticket.

P

Tenant Resolution

Middleware-based resolution via X-API-Key (Integration API) or Bearer token + X-Tenant-ID (Dashboard). One key routes each request to the right customer's data, automatically — no global state.

Dashboard

D

Admin Dashboard

Full admin console: tenant management, lifecycle actions (suspend/reactivate/close), platform metrics, audit logs, product catalog, feature flags, billing operations. Run the whole platform without touching the database.

D

Tenant Dashboard

Self-service portal: products, licenses, activations, entitlements, API keys, settings, billing invoices, subscription management, payment methods. Your customers self-serve, cutting your support load.

Security

S

Rate Limiting

Per-API-key rate limiting with X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Reset headers. 429 responses with Retry-After. Abusive traffic is contained before it touches your service.

S

Audit Logging

Every state mutation logged to platform audit_logs: structured event codes (ACTIVATION.CREATED, LICENSE.VALIDATED, USAGE.RECORDED), severity levels, tenant context. Answer "who changed what, when" for any compliance review.

S

Error Taxonomy

ADR-009 compliant error envelopes: { error: { code, message, type, status }, meta: { request_id, api_version } }. Branch your integration on a stable code instead of parsing prose — and no stack traces leak.

S

HMAC-SHA256 Key Hashing

API keys hashed with HMAC-SHA256 using APP_KEY. Never stored in plaintext. Constant-time comparison via hash_equals(). A database breach never exposes a usable key.

Everything you need, behind one API

Start free and integrate license validation in minutes.

Free forever plan · No credit card required · Start in minutes

We use essential cookies for authentication and session management. Privacy Policy