How It Works
1
Create a license product
In your store dashboard, create a product with type Software License. Configure the lock type, max activations, and pricing plans.
2
Customer purchases
When a customer buys the product, a license key is automatically generated and delivered (e.g.,
MYAPP-XXXX-XXXX-XXXX-XXXX).3
Your software verifies
Your application calls the RMZ license verification API with the key. The API validates the key and auto-activates the device.
4
API responds
You receive the license status, plan details, activation count, and expiry information.
Reference Repository
Full working examples in Python, PHP, JavaScript, and Lua (FiveM) are available at:Step 1: Create a License Product
In your store dashboard, go to Products > New Product and configure:Lock Types
none
Key-only verification. No device binding. Any device can use the key. Best for simple products.
hwid
Locks to a hardware ID (machine fingerprint). Each unique HWID uses an activation slot. Best for desktop software.
ip
Locks to the caller’s IP address. Each unique IP uses a slot. Best for server-side applications.
Step 2: Implement Verification
The verification endpoint validates the key and auto-activates the device in a single call.Request
Implementation Examples
Success Response
Error Codes
Step 3: Generate Hardware IDs
Forhwid lock type, generate a consistent machine fingerprint by combining hardware-specific values:
Step 4: Handle E2EE (Optional)
When E2EE is enabled on your license product, all API responses are encrypted with AES-256-GCM. This prevents response tampering and man-in-the-middle spoofing.Encrypted Response Format
Decryption
Best Practices
Verification Frequency
- Verify the license once on application startup
- Optionally re-verify periodically (e.g., every 24 hours) for subscription products
- Cache the verification result locally to handle temporary network outages
- Rate limit: The API allows 60 requests per minute per IP
Security Recommendations
- Use HWID lock type for desktop applications to prevent key sharing
- Enable E2EE to prevent response tampering (someone injecting
"success": truevia a local proxy) - Obfuscate your code to make it harder to find and bypass the verification logic
- Embed verification deep in your application flow, not in a single easily-patchable function
- Combine with integrity checks to detect binary modification
- Do not store the encryption key as a visible string literal
Graceful Degradation
Handle network failures gracefully:Managing Licenses in the Dashboard
From your store dashboard under License Keys, you can:- View all issued licenses with search and filters
- Create manual licenses (for testing, promotional use)
- Revoke, suspend, or reactivate individual licenses
- Reset device activations (frees all slots)
- View activation history and verification logs
License Lifecycle
For complete API reference details, see the Licensing documentation.

