Home How It Works Validation API Overview

Validation API Overview

The SubManager validation API is the integration point between your app and our hosted subscription platform. Your app calls it to verify a customer's license key in real time.

Full API documentation — including exact endpoint URLs, all parameters, response field definitions, HTTP method options, error codes, and ready-to-use code samples in PHP, JavaScript, Python, and more — is included in your onboarding package. Sign up or contact us to receive it.

What the API Does

In a single API call, your app can determine:

  • Whether a subscription key is valid and currently active
  • The subscriber's access level (A–Z, corresponding to their plan tier)
  • The exact expiry date and time of their subscription

That's everything your app needs to gate access to features — all in one lightweight, fast response.

How It's Used

1

Customer Enters Their License Key

Your app has a place — a settings screen, an activation dialog, a login flow — where a customer enters the license key they received after purchasing.

2

Your App Calls the API

Your app sends the key along with your product identifier to our validation endpoint. The call can be made as a GET request or a POST request with a JSON or form body — whichever fits your stack.

3

We Respond Instantly

Our server checks the key against our database and returns a JSON response: valid status, access level, and expiry date. Typical response time is under 30ms.

4

Your App Gates Access

Based on the response, your app unlocks the appropriate features for the subscriber's level and shows them their expiry date if needed.

Languages & Platforms Supported

The API is a standard HTTP endpoint that works from any language or platform capable of making a web request:

PHP

WordPress plugins, Laravel apps, custom PHP software

JavaScript / Node.js

Browser apps, Electron desktop apps, Node backends

Python

Django, Flask, FastAPI, scripts, automation tools

Swift / Kotlin

iOS and Android mobile applications

C# / .NET

Windows desktop apps, ASP.NET applications

Anything else

If it can make an HTTP request, it can validate a SubManager key

Security Considerations

We recommend calling the validation API from your backend rather than directly from client-side JavaScript. This keeps your product credentials out of publicly visible code. For apps where a backend is not available (desktop, mobile), calling from the client is acceptable — the API is designed to work in both scenarios.

Get the Full API Documentation

Complete API documentation is provided to every SubManager customer as part of onboarding. It includes everything you need to integrate in a single afternoon.

Sign Up to Receive API Docs → How Validation Works →