Wireframe for Server-Side License Activation

Server-side app license code validation, as I imagine it, in a nutshell:

  1. Server generates license code during the purchase (via e-commerce store's FastSpring order fulfillment).
  2. App sends code to the server, requesting authentication. The app cannot unlock itself with the code, as opposed to offline licensing.
  3. Server responds with error, or an authentication token. The token can contain an expiration date if really, really want to enforce perpetual re-activation.
  4. App stores current authentication token, license code for later requests, and adheres to the token renewal policy.

If the token expires and there's no server connection, you have to figure out how punishing you want to be. I suggest you do not punish by default and assume people have good intentions.

Possible escalations:

Remote or server-side deactivation of licenses can be useful to prevent continued use after refunds.

Browse the blog archive