Validation
License validation is the primary edge endpoint used by your WordPress plugin to check if a license is valid.
Endpoint
POST https://api.packedge.dev/v1/licenses/validateThis is a public endpoint — no authentication required. It runs on Cloudflare Workers at the edge for low-latency responses.
Request
json
{
"license_key": "MYPLUGIN-XXXX-XXXX-XXXX-XXXX",
"product_slug": "my-plugin",
"domain": "https://example.com"
}| Field | Required | Description |
|---|---|---|
license_key | Yes | The license key to validate |
product_slug | No | Verify the key belongs to this product |
domain | No | The requesting domain (for logging) |
Response
json
{
"valid": true,
"license": {
"key": "MYPLUGIN-XXXX-XXXX-XXXX-XXXX",
"status": "active",
"seats": 5,
"activatedCount": 2,
"expiresAt": "2026-12-31T23:59:59.000Z"
},
"product": {
"id": "prd_xxx",
"name": "My Plugin",
"slug": "my-plugin"
}
}Validation Checks
The endpoint checks (in order):
- License exists — returns
valid: falseif key not found - Status is active — expired, revoked, or suspended licenses are invalid
- Not expired — checks
expiresAtagainst current time - Product match — if
product_slugis provided, verifies the license belongs to that product
Caching
Validation results are cached in Cloudflare KV for 60 seconds. This means:
- High-volume validation requests are served from cache
- License status changes take up to 60s to propagate
- Cache is invalidated when a license is activated or deactivated
PHP Example
php
function validate_license($key) {
$response = wp_remote_post('https://api.packedge.dev/v1/licenses/validate', [
'body' => json_encode([
'license_key' => $key,
'product_slug' => 'my-plugin',
'domain' => home_url(),
]),
'headers' => ['Content-Type' => 'application/json'],
]);
if (is_wp_error($response)) {
return false;
}
$body = json_decode(wp_remote_retrieve_body($response), true);
return $body['valid'] ?? false;
}