Your app calls our API with a customer's license key and gets an instant answer — valid or not, what level, and when it expires.
When a customer enters their license key in your app, your app sends that key to our validation endpoint along with your product identifier. We look it up against our hosted database and return a JSON response in milliseconds.
The response tells your app three things:
A clear true/false indicating whether the subscription is active and not expired. No ambiguity — your app knows exactly whether to grant access.
The access level encoded into the subscription key — a letter from A to Z corresponding to the plan tier. Use it to gate the right feature set without extra logic.
The precise UTC timestamp when the subscription expires. Display it to your user, or use it to show renewal reminders before they lose access.
Validation runs on our hosted infrastructure with a single database query. Typical response time is under 30ms — imperceptible to your users.
The validation endpoint accepts requests via GET query string, POST with a JSON body, or POST with a form-encoded body. It works from any language or platform that can make an HTTP request — PHP, JavaScript, Python, Node.js, Swift, Kotlin, or anything else.
Full API documentation — including exact endpoint URLs, parameter names, response field definitions, and ready-to-use code samples in multiple languages — is provided to every customer after sign-up. Contact us to get started.
Validation runs on our servers — a customer cannot fake a valid response. License keys are tamper-evident: the expiry and access level are encoded inside them, and our server is the authoritative source that confirms they haven't been revoked.
The validation endpoint returns CORS headers, so it can be called directly from browser-based applications. For maximum security, we recommend proxying the call through your own backend so your product credentials are not exposed in client-side code.
Call the API on launch. If the key is valid, unlock the app. Show level-appropriate features based on the returned access level.
Validate on login or on a settings page where users enter their key. Gate premium routes server-side using the returned level.
WordPress plugins, browser extensions, IDE plugins — any environment that can make an outbound HTTP request can validate a SubManager key.
Validate on app start or in the settings screen. Proxy through your backend for the cleanest security posture on mobile.