License Management

RustBill provides a complete license management system for distributing and validating software licenses.

Overview

The license system supports:

Auto-generated unique license keys
Per-device activation tracking with configurable limits
Feature-based licensing (boolean flags and numeric limits)
Expiration dates
Public verification endpoints (no auth required)

Creating Licenses

Admin API


POST /api/licenses
Content-Type: application/json
 
{
  "customerId": "01JQA...",
  "productId": "01JQB...",
  "maxActivations": 3,
  "features": {
    "api_access": true,
    "premium_support": true,
    "max_users": 50,
    "modules": ["analytics", "reporting", "export"]
  },
  "expiresAt": "2027-01-15T00:00:00Z"
}

Key Format

License keys are auto-generated in the format:


RUSTBILL-XXXX-XXXX-XXXX

Keys are unique and indexed for fast lookup.

Integrating License Checks

Basic Verification

Call the public verify endpoint from your software:


POST /api/licenses/verify
Content-Type: application/json
 
{
  "licenseKey": "RUSTBILL-XXXX-XXXX-XXXX"
}

Response:


{
  "valid": true,
  "status": "active",
  "features": {
    "api_access": true,
    "max_users": 50
  },
  "expiresAt": "2027-01-15T00:00:00Z"
}

This endpoint is public (no authentication required) so your software can call it directly.

Activation-Based Validation

For per-device licensing, use the validate endpoint:


POST /api/licenses/validate
Content-Type: application/json
 
{
  "licenseKey": "RUSTBILL-XXXX-XXXX-XXXX",
  "deviceId": "hw-fingerprint-abc123",
  "deviceName": "John's MacBook Pro"
}

This:

Verifies the license is valid
Checks if the device is already activated
If new, registers the activation (if under limit)
Returns validation result

Error when limit reached:


{
  "valid": false,
  "error": "activation_limit_reached",
  "maxActivations": 3,
  "currentActivations": 3
}

Managing Activations

View Activations


GET /api/licenses/:key/activations

Revoke Activation


DELETE /api/licenses/:key/activations/:deviceId

Useful when a customer replaces a device.

License Lifecycle

Status	License checks return	Can activate
`active`	`valid: true`	Yes
`suspended`	`valid: false`	No
`expired`	`valid: false`	No
`revoked`	`valid: false`	No

Best Practices

Cache verification results — Don’t call the verify endpoint on every app launch. Cache for 24-48 hours with a background refresh.
Graceful degradation — If the license server is unreachable, use the cached result. Don’t lock out paying customers due to network issues.
Device fingerprinting — Use a stable hardware identifier (machine ID, disk serial) rather than volatile identifiers (IP address, hostname).
Feature flags — Use the features field to control access to specific modules rather than creating multiple licenses per customer.