Skip to main content
LicentricDocs
DashboardLog in

Resources

Frequently Asked Questions

Answers to common questions about Licentric licensing behavior, integrations, and platform capabilities.

Questions

What happens when a license expires?

The behavior depends on the policy's expirationStrategy setting:

  • RESTRICT_ACCESS (default) — Validation returns EXPIRED and the SDK reports the license as invalid. The application should restrict access to licensed features.
  • ALLOW_ACCESS — Validation returns EXPIRED but the license is still considered valid. Useful for subscription renewals where you want to allow a grace period.
  • REVOKE — The license is automatically moved to the revoked status, which is permanent. Use this for strict enforcement.

Can a customer use one license on multiple devices?

Yes. The number of allowed devices is controlled by the maxMachines setting in the license's policy. Each device must be activated with a unique fingerprint. When the limit is reached, new activations are rejected with MACHINE_LIMIT_EXCEEDED until an existing device is deactivated.

How does offline licensing work?

Licentric supports air-gapped environments through Ed25519-signed license files:

  • Call the checkout endpoint to download a signed license file bound to a specific machine fingerprint.
  • The file is valid for a configurable TTL (default: 14 days).
  • Your application verifies the file's Ed25519 signature locally — no network needed.
  • Before the TTL expires, the application should reconnect to download a fresh file.
  • The policy must have offlineAllowed set to true.

What's the difference between test and live API keys?

Test keys (lk_test_ prefix) access a completely isolated test dataset. They are intended for development and automated testing. Live keys (lk_live_ prefix) access production data. The two environments are fully separate — licenses, products, and policies created with test keys do not appear in the live environment, and vice versa.

How do I migrate from Keygen or Cryptlex?

Use the Import Data feature in the dashboard to upload a CSV of your existing licenses, products, and customers. The import tool maps common fields automatically. For complex migrations, use the REST API to programmatically create resources in bulk.

What's the difference between suspending and revoking a license?

Suspended licenses are temporarily disabled and can be reinstated at any time. Validation returns SUSPENDED and the license is considered invalid, but the license record is preserved. Revoked licenses are permanently disabled — they cannot be reinstated. Use suspend for billing issues or temporary holds; use revoke for abuse, refunds, or permanent termination.

How do webhooks work?

Register an HTTPS endpoint in the dashboard under Settings → Webhooks. When a licensing event occurs (license.created, machine.activated, license.expired, etc.), Licentric sends an HTTP POST to your endpoint with the event payload. Each payload includes an HMAC-SHA256 signature in the X-Webhook-Signature header for verification.

  • Webhooks are retried with exponential backoff on failure (up to 3 attempts).
  • Events are delivered at least once — your handler should be idempotent.
  • Use the event ID to detect and skip duplicate deliveries.

Can I use Licentric without Stripe?

Yes. The Stripe integration is optional and handles billing automation (creating licenses on subscription start, suspending on payment failure, etc.). Without Stripe, you manage license creation and lifecycle manually through the API or dashboard. All core licensing features work independently.

What counts as an 'active license' for plan limits?

An active license is any license that has not been deleted (soft-deleted) and has not expired. Suspended licenses count toward the limit because they can be reinstated. Revoked and banned licenses also count. Only soft-deleted and expired licenses are excluded from the count.

Is there a rate limit for validation?

Yes. The default rate limit is 60 requests per minute per IP address for all API endpoints, including validation. The SDKs include built-in validation caching to reduce the number of API calls. For high-volume applications, increase the cache TTL or use webhook-based invalidation to refresh only when state changes.

Need more help?
Check the Troubleshooting guide for specific error codes, or the Glossary for terminology definitions.
Policy Templates