Request body
json
{
"license_key": "XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX",
"fingerprint": "abc123-machine-fingerprint"
}API Endpoint
POST /validate
High-frequency runtime check to confirm license status for a fingerprint.
POST /validate
Endpoint context
Use these endpoints for license lifecycle operations. /generate and /revoke require a generated active server API key. Runtime endpoints use license_key plus fingerprint.
- Verifies license state and fingerprint binding.
- Returns status and expires_at for runtime decisions.
- Designed for repeated online validation heartbeats.
bash
curl -X POST http://localhost:8080/validate \
-H "Content-Type: application/json" \
-d '{
"license_key": "XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX",
"fingerprint": "abc123-machine-fingerprint"
}'Response body
json
{
"valid": true,
"status": "active",
"expires_at": "2026-10-20T12:00:00Z",
"reason": ""
}Response field types
valid
boolean
Whether the license is valid for this fingerprint.
status
"inactive" | "active" | "revoked"
License status returned by validation logic.
expires_at
string | null
RFC3339 timestamp when the license expires, or null for non-expiring licenses.
reason
string (optional)
Present on invalid responses (for example revoked, expired, fingerprint_not_active).
Error codes
400
Invalid JSON or missing required fields.
404
License not found.
500
Unexpected server or storage error.