Every subscriber gets a unique key with your product ID, their expiry date, and their access level encoded directly inside it.
SubManager license keys are not random strings. Each key encodes four pieces of information in a structured, tamper-evident format:
The unique ID of your product is encoded in the key. A key issued for Product A cannot be used to validate against Product B — even if the rest of the key looks identical.
The exact UTC timestamp when this subscription expires is encoded into the key. The server validates against this timestamp on every API call.
The plan's access level — a single letter from A to Z — is encoded into the key. Your app reads it from the validation response to grant the right feature tier.
A cryptographically random segment makes each key unique and prevents guessing or brute-force attacks, even if an attacker knows the encoding scheme.
Encoding product ID, expiry, and level into the key means your validation response contains everything your app needs in one round-trip. You get the access level from the validation response — no second database query, no separate API call. The server remains the authority; the encoding is a convenience your app can rely on.
Levels A through Z let you map your subscription tiers directly onto a single letter. When the validation API responds, it includes the level so your app can branch accordingly:
| Level | Typical Use Case |
|---|---|
| A | Starter / Basic tier |
| B | Pro tier |
| C | Enterprise tier |
| D–Z | Additional tiers, beta access, agency plans, team plans, lifetime licenses, etc. |
A customer cannot modify their key to change their level or extend their expiry. Our server validates every component of the key on each API call. Any modification — even a single character — causes the validation to fail.
The exact key format and encoding details are provided in the API documentation shared with customers after sign-up. Contact us to get access.
After a successful payment, SubManager automatically emails the subscriber their license key in a professional receipt email. Subscribers also see their key in their account dashboard on your hosted checkout portal. No action required on your end — delivery is fully automated.