Advanced/License Validation
License Validation API
Protect your software products by validating license keys from your application. When a customer purchases a serial-type product, Sellvy delivers a unique license key that you can verify server-side.
How it works
- 1You create a product of type
serialand add license keys to the stock. - 2When a customer buys your product, they receive a license key (e.g.,
XXXX-XXXX-XXXX-XXXX). - 3Your application calls the validation endpoint to check if the key is valid, used, or revoked.
POST
/v1/licenses/validateValidate a license
Check whether a license key is valid. This endpoint does not require seller authentication — it uses your store slug and the license key itself.
Request body
| Field | Type | Required | Description |
|---|---|---|---|
| store | string | Yes | Your store slug (e.g., “my-store”) |
| license_key | string | Yes | The license key to validate |
| product_id | string | No | Restrict validation to a specific product |
const res = await fetch("https://api.sellvy.io/v1/licenses/validate", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
store: "my-store",
license_key: "ABCD-1234-EFGH-5678"
})
});
const result = await res.json();
if (result.valid) {
console.log("License is valid!");
console.log("Product:", result.product_title);
console.log("Customer:", result.email);
} else {
console.log("Invalid license:", result.error);
}Response format
Valid license
json
{
"valid": true,
"license_key": "ABCD-1234-EFGH-5678",
"product_id": "prod_abc123",
"product_title": "My Software Pro",
"email": "customer@example.com",
"order_id": "ord_abc123",
"activated_at": "2025-01-15T10:30:00Z",
"expires_at": null
}Invalid license
json
{
"valid": false,
"error": "license_not_found"
}Error codes
| Error | Description |
|---|---|
| license_not_found | No license with this key exists in the store. |
| license_revoked | The license has been revoked by the seller (e.g., after a refund). |
| license_expired | The license has passed its expiration date. |
| product_mismatch | The license belongs to a different product than the one specified. |
POST
/v1/licenses/revokeRevoke a license
Revoke a license key so it no longer passes validation. Requires seller API key authentication. Commonly used after processing a refund.
const res = await fetch("https://api.sellvy.io/v1/licenses/revoke", {
method: "POST",
headers: {
"Authorization": "Bearer sk_live_...",
"Content-Type": "application/json"
},
body: JSON.stringify({
license_key: "ABCD-1234-EFGH-5678"
})
});
const result = await res.json();
console.log(result.revoked); // trueIntegration example
Here is a complete example of how to integrate license validation into your application's startup:
async function checkLicense(licenseKey) {
try {
const res = await fetch("https://api.sellvy.io/v1/licenses/validate", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
store: "my-store",
license_key: licenseKey,
product_id: "prod_my_software"
})
});
const data = await res.json();
if (!data.valid) {
console.error(`License invalid: ${data.error}`);
process.exit(1);
}
console.log(`Licensed to: ${data.email}`);
return data;
} catch (err) {
// Network error — allow offline grace period
console.warn("Could not verify license (offline)");
return null;
}
}
// On app startup
const license = await checkLicense(process.env.LICENSE_KEY);Best practices
- •Cache validation results — do not call the API on every request. Validate on startup and periodically (e.g., every 24 hours).
- •Handle offline gracefully — if the API is unreachable, allow a grace period using the last cached result.
- •Use product_id for specificity — include the product_id to ensure the key belongs to the correct product.
- •Auto-revoke on refund — use the order.refunded webhook to automatically revoke the associated license.
Was this page helpful?