Licenses

License validation, activation, and device management API

License API

Manage license validation, activation, and device tracking.

Rate Limiting: License endpoints are rate-limited per IP over a fixed 60-second window. Exceeding the limit returns 429 Too Many Requests with a Retry-After: 60 header until the window resets.

Validate License

Validate and activate a license key. This endpoint is rate-limited to 5 requests per minute per IP address.

Endpoint: POST /api/licenses/validate

ParameterTypeRequiredDescription
license_keystringYesLicense key to validate
device_idstringNoUnique device identifier for activation tracking
curl -X POST "$BASE_URL/api/licenses/validate" \
  -H "Content-Type: application/json" \
  -d '{"license_key":"XXXX-XXXX-XXXX-XXXX","device_id":"device_abc123"}'

Response (Success):

{
  "valid": true,
  "license": {
    "id": "uuid",
    "status": "active",
    "product": { "id": "uuid", "name": "PRO", "features": [] },
    "activation_date": "2024-01-01T00:00:00Z",
    "expiration_date": "2025-12-31T23:59:59Z",
    "current_activations": 1
  }
}

Response (Error):

{
  "statusCode": 400,
  "statusMessage": "Invalid license key or validation failed"
}
For security, all license validation errors return the same generic message to prevent enumeration attacks.

Deactivate License

Authentication Required

Requires the session_token session cookie of the license owner (see Authentication), you can only deactivate a license you own.

Deactivate a license from a specific device or all devices.

Endpoint: POST /api/licenses/deactivate

ParameterTypeRequiredDescription
license_keystringYesLicense key to deactivate
device_idstringNoSpecific device to deactivate (omit for all devices)
curl -X POST "$BASE_URL/api/licenses/deactivate" \
  -b cookies.txt \
  -H "Content-Type: application/json" \
  -d '{"license_key":"XXXX-XXXX-XXXX-XXXX","device_id":"device_abc123"}'

Response:

{
  "success": true,
  "message": "Device deactivated successfully",
  "remaining_activations": 4
}

License Status

Authentication Required

Requires the session_token session cookie of the license owner (see Authentication), you can only inspect a license you own.

Check the current status of a license. Rate-limited to 30 requests per minute per IP.

Endpoint: GET /api/licenses/status

ParameterTypeRequiredDescription
license_keyqueryYesLicense key to check
curl -X GET "$BASE_URL/api/licenses/status?license_key=XXXX-XXXX-XXXX-XXXX" \
  -b cookies.txt

Response:

{
  "license": {
    "id": "uuid",
    "license_key": "XXXX-XXXX-XXXX-XXXX",
    "status": "active",
    "activation_date": "2024-01-01T00:00:00Z",
    "expiration_date": "2025-12-31T23:59:59Z",
    "days_until_expiration": 365,
    "activation_limit": 5,
    "current_activations": 2,
    "available_activations": 3,
    "is_expired": false,
    "is_active": true,
    "product": { "id": "uuid", "name": "PRO" },
    "user": { "id": "uuid", "email": "user@example.com" }
  },
  "active_devices": [
    {
      "id": "uuid",
      "device_id": "device_abc123",
      "activated_at": "2024-01-01T00:00:00Z",
      "ip_address": "192.168.1.1"
    }
  ]
}

License Lifecycle

Rate Limiting

License endpoints are rate-limited per IP over a fixed 60-second window. On a 429, one header is returned:

HeaderDescription
Retry-AfterSeconds until the window resets (always 60)

Rate Limits by Endpoint

EndpointRequests / 60sTier
/api/licenses/validate5Strict
/api/licenses/status30Standard
/api/licenses/deactivate30Standard

POST /api/licenses/validate applies the Strict limit twice: once per IP, and once keyed on the submitted license_key, so a single key cannot be hammered from many IPs.

Exceeding a limit returns 429 Too Many Requests for the remainder of the 60-second window. There is no progressive or escalating block duration.

License Types

TypeDescriptionFeatures
TRIALLegacy v1 desktop trial (10-minute session). v2 uses the free account plan instead.Limited to single room
PROProfessional licenseUnlimited rooms, custom branding
ENTERPRISEEnterprise licenseAll features, priority support, SSO