Request body
json
{
"license_key": "XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX"
}API Endpoint
POST /revoke
Revoke a license key. Revoked licenses cannot be activated or validated.
POST /revoke
Endpoint context
Use these endpoints for license lifecycle operations. /generate and /revoke require a generated active server API key. Runtime endpoints use license_key plus fingerprint.
- Requires a generated active server API key.
- Revocation is license-level, not seat-level.
- After revocation, runtime checks return invalid/revoked state.
bash
curl -X POST http://localhost:8080/revoke \
-H "Authorization: Bearer <generated_server_api_key>" \
-H "Content-Type: application/json" \
-d '{
"license_key": "XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX"
}'Response body
json
{
"valid": false,
"status": "revoked",
"license_key": "XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX",
"revoked_at": "2026-04-20T12:00:00Z"
}Response field types
valid
boolean
Always false for a successful revoke response.
status
"revoked"
License status after revocation.
license_key
string
License key that was revoked.
revoked_at
string
RFC3339 timestamp when revocation was recorded.
Error codes
400
Invalid JSON or missing license_key.
401
Missing or invalid API key.
404
License not found.
500
Unexpected server or storage error.