Skip to content

API Reference

Base URL: https://api.xp-flightdeck.com/licenses-api/v1
Always send Content-Type: application/json for POST bodies.

GET /health

Description: Service health probe.
Auth: none
200 

{ "ok": true }
cURL 
curl -sS https://api.xp-flightdeck.com/licenses-api/v1/health

GET /public-key

Description: Returns the base64-encoded Ed25519 public key used to verify token signatures.
Auth: none
200 

{ "ed25519_public_key_b64": "BASE64..." }
cURL 
curl -sS https://api.xp-flightdeck.com/licenses-api/v1/public-key

POST /activate

Description: Activate a license on a device. Enforces enabled status, email ownership, and activation quota.
Auth header: X-Client-Token
Required fields: email, license_key, device_hash, device_name
Body 

{
  "email": "pilot@example.com",
  "license_key": "ABCD-EF23-GH45",
  "device_hash": "sha256-of-device",
  "device_name": "My PC"
}
200 
{ "token": { "...": "see Guides for structure", "sig": "..." }, "mode": "full" }
Errors: 400 wrong email for license · 403 license disabled · 404 not found · 409 activation limit reached
cURL 
curl -sS -X POST   -H "X-Client-Token: $CLIENT_TOKEN"   -H "Content-Type: application/json"   https://api.xp-flightdeck.com/licenses-api/v1/activate   -d '{"email":"pilot@example.com","license_key":"ABCD-EF23-GH45","device_hash":"<sha256>","device_name":"PC"}'

POST /deactivate

Description: Deactivate a specific device for a license so the slot can be reused.
Auth header: X-Client-Token
Required fields: license_key_hash, device_hash
Body 

{ "license_key_hash": "<64-hex>", "device_hash": "sha256-of-device" }
200 
{ "message": "device deactivated", "updated": 1, "license_ref": "GH45" }
If the license is disabled: 
{ "message": "license disabled", "license_ref": "GH45", "updated": 0 }
Errors: 404 license not found · 422 invalid license_key_hash format
cURL 
curl -sS -X POST   -H "X-Client-Token: $CLIENT_TOKEN"   -H "Content-Type: application/json"   https://api.xp-flightdeck.com/licenses-api/v1/deactivate   -d '{"license_key_hash":"<64-hex>","device_hash":"<sha256>"}'

POST /admin/licenses

Description: Create a license for a user. The clear license key is returned once.
Auth header: X-Admin-Token
Required fields: email, product, edition, max_activations
Optional fields: features (array of strings)
Body 

{
  "email": "pilot@example.com",
  "product": "YourProduct",
  "edition": "Pro",
  "max_activations": 3,
  "features": ["featA", "featB"]
}
201/200 
{
  "license_key": "ABCD-EF23-GH45",
  "max_activations": 3,
  "created_at": "2025-09-01T10:00:00Z",
  "product": "YourProduct",
  "edition": "Pro",
  "features": ["featA","featB"]
}
cURL 
curl -sS -X POST   -H "X-Admin-Token: $ADMIN_TOKEN"   -H "Content-Type: application/json"   https://api.xp-flightdeck.com/licenses-api/v1/admin/licenses   -d '{"email":"pilot@example.com","product":"YourProduct","edition":"Pro","max_activations":3,"features":["featA","featB"]}'

GET /admin/licenses

Description: List licenses with activation details.
Auth header: X-Admin-Token
Query params (all optional): email, product, edition, enabled
200 

[{
  "license_key_hash": "e3b0c442...64hex",
  "license_ref": "GH45",
  "email": "pilot@example.com",
  "product": "YourProduct",
  "edition": "Pro",
  "enabled": true,
  "active_devices_count": 1,
  "max_activations": 3,
  "created_at": "2025-09-01T10:00:00Z",
  "activations": [
    { "device_hash":"<sha256>", "device_name":"My PC", "deactivated": false, "activated_at": "2025-09-01T10:10:00Z" }
  ]
}]
cURL 
curl -sS   -H "X-Admin-Token: $ADMIN_TOKEN"   "https://api.xp-flightdeck.com/licenses-api/v1/admin/licenses?email=pilot@example.com&enabled=true"

POST /admin/licenses/enable

Description: Enable/disable a license.
Auth header: X-Admin-Token
Required fields: license_key, enabled, email
Body 

{ "license_key": "ABCD-EF23-GH45", "enabled": true, "email": "pilot@example.com" }
200 
{ "message": "license enabled", "enabled": true, "license_ref": "GH45" }
If already in desired state: 
{ "message": "already enabled", "enabled": true, "license_ref": "GH45" }
cURL 
curl -sS -X POST   -H "X-Admin-Token: $ADMIN_TOKEN"   -H "Content-Type: application/json"   https://api.xp-flightdeck.com/licenses-api/v1/admin/licenses/enable   -d '{"license_key":"ABCD-EF23-GH45","enabled":true,"email":"pilot@example.com"}'

POST /admin/deactivate-device

Description: Force-deactivate a device for a license (admin override).
Auth header: X-Admin-Token
Required fields: license_key, device_hash, email
Body 

{ "license_key": "ABCD-EF23-GH45", "device_hash": "<sha256>", "email": "pilot@example.com" }
200 
{ "message": "device deactivated", "updated": 1, "license_ref": "GH45" }
cURL 
curl -sS -X POST   -H "X-Admin-Token: $ADMIN_TOKEN"   -H "Content-Type: application/json"   https://api.xp-flightdeck.com/licenses-api/v1/admin/deactivate-device   -d '{"license_key":"ABCD-EF23-GH45","device_hash":"<sha256>","email":"pilot@example.com"}'