KeyforgeDocs

Offline licensing

It's common to have apps that need to work even without an internet connection. Keyforge makes it easy to validate licenses oflline.

An internet connection is only required to activate the license and to occasionally refresh the license token.

To make this possible, Keyforge can issue a signed license token that can be verified on the client. The token is a JWT and contains information about the license.

Get started

There is a client SDK available for JavaScript, but license tokens can be used in any programming language that supports JWTs.

No SDK

Learn how to generate and verify license tokens without a client SDK.

JavaScript SDK

Learn how to use the client-side JavaScript SDK to generate and verify license tokens.

Configure license tokens for a product

Go to license tokens and add a new product. You can edit how much time a token will be valid for, and other options after creating the new configuration.

For setups with more than one product, you can duplicate the signing key pair from another product inside the edit menu. You can also import an external key pair.

Retrieve initial token

The simplest way to get and store the first license token for a device is after activating a license. You should use the activate license API endpoint.

curl -X POST https://keyforge.dev/api/v1/public/licenses/activate \
  -H "Content-Type: application/json" \
  -d '{
    "licenseKey": "ABCDE-ABCDE-ABCDE-ABCDE-ABCDE",
    "deviceIdentifier": "some_device_id",
    "deviceName": "My device",
    "productId": "p_123456"
  }'

A token property will be returned in the response. You should store this token in the device's storage.

Verify the token

To verify the token, you can use any JWT library available in your programming language. Here are some tips you should follow:

  • The token is signed using an ES256 key pair. The public key is in the dashboard.
  • You should check the exp claim to see if the token is still valid.
  • You should check the productId and deviceIdentifier to make sure the token is valid for the current product and device.
  • You should not ask the user to activate a license if the token is expired but was valid at some point.

The token should be verified when the app starts, but it can also be verified periodically.

Refresh the token

The token needs to be refreshed periodically to ensure it remains valid. Use the license token API endpoint.

You should refresh the token some time before it expires, for example, 3 days before the expiration date.

curl -X POST https://keyforge.dev/api/v1/public/licenses/token \
  -H "Content-Type: application/json" \
  -d '{
    "licenseKey": "ABCDE-ABCDE-ABCDE-ABCDE-ABCDE",
    "deviceIdentifier": "some_device_id",
    "productId": "p_123456"
  }'

A token property will be returned in the response. You should store this token in the device's storage.

Learn more

Token payload

A license token contains the following data:

{
  "license": {
    "key": "ABCDE-ABCDE-ABCDE-ABCDE-ABCDE",
    "productId": "p_123456",
    "type": "perpetual",
    "expiresAt": null,
    "createdAt": 1684521573, // Unix timestamp in seconds
    "maxDevices": 5,
    "email": null
  },
  "device": {
    "identifier": "some_device_id",
    "name": "My device",
    "activationDate": 1684521573 // Unix timestamp in seconds
  }
}

There are also some additional claims in the token, such as exp (expiration time) and iat (issued at time). It is signed using the ES256 algorithm.

API Reference

Get license token

Generate a new signed license token.

Get license token public key

Get the public key used to verify license tokens for a product.

Next

Subscriptions

Next

Products

On this page