License System
Generate, distribute, and manage license keys for your applications. Support for duration-based expiration, level access, HWID locking, and device limits.
Overview
Authon's license system provides flexible key-based access control for your software:
Duration-Based
Keys expire after a set time (1h to lifetime)
Level Access
Assign levels to control feature access
HWID Locking
Bind licenses to specific hardware
Device Limits
Control max concurrent sessions per license
Bulk Generation
Create up to 100 keys at once
Custom Prefix
Brand your keys with a custom prefix
License Lifecycle
A license key goes through these statuses:
Duration Types
When generating licenses, set the durationType to control how long the key is valid after activation:
| Duration | Value | Description |
|---|---|---|
1h | 1 hour | For trials and short demos |
1d | 24 hours | Daily access passes |
7d | 7 days | Weekly subscriptions |
30d | 30 days | Monthly subscriptions |
90d | 90 days | Quarterly access |
365d | 365 days | Annual subscriptions |
lifetime | Never expires | Permanent access |
Timer starts on activation
The duration countdown begins when the key is first used (status changes from UNUSED to USED), not when it's generated.
Generating License Keys
Via Dashboard
Navigate to your app → Licenses → "Generate Keys". Configure the count, duration, level, and optional prefix.
Via Admin API
curl -X POST https://api.authon.pro/v1/admin/apps/YOUR_APP_ID/licenses \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_TOKEN" \
-d '{
"count": 10,
"durationType": "30d",
"level": 1,
"maxDevices": 1,
"prefix": "PRO",
"note": "June batch"
}'{
"success": true,
"data": [
{
"id": "lic_abc123",
"key": "PRO-A8F2-K9D1-M3B7",
"appId": "app_xyz",
"status": "UNUSED",
"durationType": "30d",
"level": 1,
"maxDevices": 1,
"prefix": "PRO",
"note": "June batch",
"createdAt": "2025-06-15T12:00:00Z"
}
]
}Parameters
countnumberoptionalNumber of keys to generate (1-100, default: 1)durationTypestringrequiredDuration: 1h, 1d, 7d, 30d, 90d, 365d, lifetimelevelnumberoptionalAccess level for this key (default: 1)maxDevicesnumberoptionalMax concurrent sessions allowed (default: 1)prefixstringoptionalCustom prefix for generated keys (e.g., 'VIP')notestringoptionalInternal note (not visible to users)Key Format
License keys are generated in a 4-segment format. If a prefix is specified, it replaces the first segment:
A8F2-K9D1-M3B7-X4P6PRO-A8F2-K9D1-M3B7VIP-X2Y4-B7C9-F1G3Access Levels
Levels let you create tiered access within a single application. Higher levels can access more features or files.
| Level | Example Use |
|---|---|
1 | Basic access — standard features only |
2 | Premium — unlocks additional features or files |
3 | VIP — full access to all features and files |
When a user requests a file download, Authon checks that user.level >= file.minLevel. Use this to gate premium content.
auto user = auth.getUser();
if (user.level >= 2) {
// Show premium features
loadPremiumModule();
} else {
std::cout << "Upgrade to Premium for this feature!" << std::endl;
}HWID Locking
Hardware ID (HWID) locking prevents license sharing by binding a user to a specific machine:
First Login
If the user has no HWID stored, the provided HWID is saved and locked to their account.
Subsequent Logins
The HWID must match. If it doesn't, login is rejected with "Hardware ID mismatch" (403).
HWID Reset
Admins can reset a user's HWID from the dashboard or via POST /v1/admin/apps/:appId/users/:userId/reset-hwid.
HWID is optional
If you don't send an HWID with login/register requests, hardware locking is disabled for that user. Useful for web-based apps.
Device Limits (maxDevices)
Control how many devices can be logged in simultaneously with the same account:
{
"count": 5,
"durationType": "30d",
"level": 1,
"maxDevices": 3 // User can be logged in on 3 devices at once
}When the limit is reached, the oldest session is automatically terminated to allow the new login. This ensures users can always access their account without manual session management.
Managing Licenses
List & Filter
curl -X GET "https://api.authon.pro/v1/admin/apps/APP_ID/licenses?status=UNUSED&page=1&limit=50" \
-H "Authorization: Bearer YOUR_TOKEN"Ban a License
Banning a license immediately prevents it from being used for login or activation:
curl -X POST https://api.authon.pro/v1/admin/apps/APP_ID/licenses/LICENSE_ID/ban \
-H "Authorization: Bearer YOUR_TOKEN"Delete a License
curl -X DELETE https://api.authon.pro/v1/admin/apps/APP_ID/licenses/LICENSE_ID \
-H "Authorization: Bearer YOUR_TOKEN"Extend Subscription
Add days to a user's expiration (not the license directly, but the user linked to it):
curl -X POST https://api.authon.pro/v1/admin/apps/APP_ID/users/USER_ID/extend \
-H "Content-Type: application/json" \
-H "Authorization: Bearer YOUR_TOKEN" \
-d '{ "days": 30 }'Reseller Integration
Allow trusted resellers to generate keys using a credit-based system:
- Create a reseller account (Admin API or dashboard)
- Add balance/credits to the reseller
- Reseller logs in via Reseller API and generates keys
- Each key generated deducts 1 credit from their balance
See the Reseller API documentation for endpoint details.
Best Practices
Use Prefixes for Organization
Use prefixes like "VIP", "TRIAL", "PROMO" to easily identify key batches in the dashboard.
Don't Generate Too Many
Generate keys in smaller batches and track usage. Large pools of unused keys increase risk if your database is compromised.
Monitor with Webhooks
Subscribe to license.activate events to track when keys are used in real-time.
Use Levels Wisely
Design your level system upfront. Level 1 for basic, 2 for premium, 3 for VIP. Gate features and file downloads by level.