Skip to content

Software Licenses Manager API - Quick start

Base URL: https://api.xp-flightdeck.com/licenses-api/v1

What this API does

Issue and validate short-lived license tokens tied to a user’s email and device. Admins can create licenses, list them, enable/disable, and deactivate devices.

Authentication

Every request must include one of these headers: - Client endpoints: X-Client-Token: <token> - Admin endpoints: X-Admin-Token: <token>

On failure you’ll receive 401 {"detail":"invalid client/admin token"}.

Key concepts

  • License key format: XXXX-XXXX-XXXX (A–Z without O/I, digits 2–9).
  • Device binding: Activations are stored per device_hash + device_name.
  • Quota: Each license enforces max_activations; a new device beyond the quota returns 409 with counts.
  • Short-lived token: /activate returns a JSON payload + Ed25519 signature (sig). Use /public-key to verify.

Token structure (returned by /activate)

{
  "token": {
    "product": "YourProduct",
    "edition": "Pro",
    "features": ["featA", "featB"],
    "license_ref": "GH45",
    "email": "pilot@example.com",
    "max_activations": 3,
    "activations_count": 1,
    "issued_at": "2025-09-01T10:00:00+00:00",
    "expires_at": "2025-09-01T11:00:00+00:00",
    "device": { "hash": "sha256-of-device", "name": "My PC" },
    "sig": "base64-ed25519-signature"
  },
  "mode": "full"
}
  • Verify the token by fetching GET /public-key (base64 Ed25519 public key) and verifying the signature over the UTF-8 JSON bytes of the token payload (without the sig field).

Quickstart cURL (client)

Activate (required fields: email, license_key, device_hash, device_name): 

curl -sS -X POST   -H "X-Client-Token: $CLIENT_TOKEN"   -H "Content-Type: application/json"   https://api.xp-flightdeck.com/licenses-api/v1/activate   -d '{
        "email":"pilot@example.com",
        "license_key":"ABCD-EF23-GH45",
        "device_hash":"<sha256>",
        "device_name":"My PC"
      }'

Deactivate (required: license_key_hash, device_hash): 

curl -sS -X POST   -H "X-Client-Token: $CLIENT_TOKEN"   -H "Content-Type: application/json"   https://api.xp-flightdeck.com/licenses-api/v1/deactivate   -d '{
        "license_key_hash":"<64-hex>",
        "device_hash":"<sha256>"
      }'

Quickstart cURL (admin)

Create license (required: email, product, edition, max_activations; optional: features): 

curl -sS -X POST   -H "X-Admin-Token: $ADMIN_TOKEN"   -H "Content-Type: application/json"   https://api.xp-flightdeck.com/licenses-api/v1/admin/licenses   -d '{
        "email":"pilot@example.com",
        "product":"YourProduct",
        "edition":"Pro",
        "max_activations":3,
        "features":["featA","featB"]
      }'

List licenses (all query params optional: email, product, edition, enabled): 

curl -sS   -H "X-Admin-Token: $ADMIN_TOKEN"   "https://api.xp-flightdeck.com/licenses-api/v1/admin/licenses?email=pilot@example.com&enabled=true"

Enable/disable (required: license_key, enabled, email): 

curl -sS -X POST   -H "X-Admin-Token: $ADMIN_TOKEN"   -H "Content-Type: application/json"   https://api.xp-flightdeck.com/licenses-api/v1/admin/licenses/enable   -d '{
        "license_key":"ABCD-EF23-GH45",
        "enabled":true,
        "email":"pilot@example.com"
      }'

Force deactivate device (required: license_key, device_hash, email): 

curl -sS -X POST   -H "X-Admin-Token: $ADMIN_TOKEN"   -H "Content-Type: application/json"   https://api.xp-flightdeck.com/licenses-api/v1/admin/deactivate-device   -d '{
        "license_key":"ABCD-EF23-GH45",
        "device_hash":"<sha256>",
        "email":"pilot@example.com"
      }'