Endpoint
POST /api/license/check Headers
Authorization: Bearer <license-key>— requiredx-product-version: 1.2.3— optional, enables changelog filteringContent-Type: application/json
Request body
{
"UserName": "player-name",
"Product": "product-id",
"UserID": "unique-user-id",
"IncludeAllChangelog": false
} Status codes
Every response includes a status field in the JSON body. The HTTP status code may
differ from the application status for some errors.
| Status | HTTP | Meaning |
|---|---|---|
800 | 200 | License is valid. Returns product info, enabled addition IDs, and optional changelog entries. |
801 | 801 | License not found — the API key does not exist. |
802 | 802 | License exists but is not active. |
803 | 803 | Product mismatch — key is registered to a different product. |
804 | 804 | Unauthorized IP — request IP is not on the license allowlist. |
805 | 805 | API key is missing from the Authorization header. |
806 | 806 | Product field is missing from the request body. |
807 | 807 | UserID field is missing from the request body. |
808 | 806 | Username field is missing from the request body. |
810 | 500 | Internal server error. |
Success response
{
"status": 800,
"message": "License is valid",
"isValid": true,
"active": true,
"disabled": false,
"info": {
"Product": "my-product",
"authIP": "1.2.3.4",
"extraIPs": [],
"additions": ["A7K2"],
"requestIP": "1.2.3.4",
"allowAnyIp": false
},
"product": { "name": "...", "version": "1.0.0" },
"changelog": []
} When autoActivateOnFirstCheck is enabled in site settings, an inactive license
with no bound IP will activate automatically on the first successful check from a valid IP.
Example (curl)
curl -X POST https://your-domain/api/license/check \
-H "Authorization: Bearer YOUR-LICENSE-KEY" \
-H "Content-Type: application/json" \
-H "x-product-version: 1.0.0" \
-d '{"UserName":"server","Product":"my-product","UserID":"srv-01"}'