Wireframe for Server-Side License Activation

Server-side app license code validation, as I imagine it, in a nutshell:

  1. Server generates license code during the purchase (via e-commerce store’s FastSpring order fulfillment).
  2. App sends code to the server, requesting authentication. The app cannot unlock itself with the code, as opposed to offline licensing.
  3. Server responds with error, or an authentication token. The token can contain an expiration date if really, really want to enforce perpetual re-activation.
  4. App stores current authentication token, license code for later requests, and adheres to the token renewal policy.

If the token expires and there’s no server connection, you have to figure out how punishing you want to be. I suggest you do not punish by default and assume people have good intentions.

Possible escalations:

  • The app can immediately lock itself unless re-activated. This renders the app useless if your server goes down, which it will, eventually. Same problem as with Games as a Service.
  • The app displays a warning but goes into a grace period where it is still usable. Could be weeks or months. Some polar expeditions take a while, so be lenient if you give a grace period at all.
  • The app displays a warning but doesn’t ever lock functionality. Could be a window decoration label, similar to how trial periods are sometimes displayed in the top-right corner.
  • The app doesn’t do anything in response, silently waiting for the connection to the server to come back up eventually.

Remote or server-side deactivation of licenses can be useful to prevent continued use after refunds.