CodeDevStack

Public documentation

Author License Verification API

Use the CodeDevStack Author API when your product needs to verify purchase keys from your own private license server, similar to marketplace purchase-code validation. This documentation is public; actual keys are created privately inside the author dashboard.

Open author API keys Browse products
1

Create an author key

Authors create API keys from their dashboard after login. The full key appears once, so it must be copied immediately.

2

Store key on your server

Keep the key inside a backend environment variable. Never place it inside browser JavaScript, mobile apps, downloadable ZIPs or public repositories.

3

Send purchase details

Your license server sends the buyer license key with productSlug or productId and an optional domain/fingerprint.

4

Allow access if valid

Your server unlocks updates or premium features only when the response confirms the paid purchase and active license.

Verification endpoint

Send requests from your private backend only. The author API key identifies the author account, so the API will reject license keys for products that do not belong to that author.

POST https://api.codedevstack.online/v1/author-api/verify-purchase

cURL example

curl -X POST "https://api.codedevstack.online/v1/author-api/verify-purchase" \
  -H "Authorization: Bearer YOUR_AUTHOR_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{"licenseKey":"CDSO-XXXX-XXXX-XXXX-XXXX","productSlug":"your-product-slug","domain":"client-domain.com"}'

Node server example

const response = await fetch("https://api.codedevstack.online/v1/author-api/verify-purchase", {
  method: "POST",
  headers: {
    "Authorization": `Bearer ${process.env.CODEDEVSTACK_AUTHOR_API_KEY}`,
    "Content-Type": "application/json"
  },
  body: JSON.stringify({
    licenseKey: customerLicenseKey,
    productSlug: "your-product-slug",
    domain: requestHostname
  })
});

const result = await response.json();
if (!result.valid) {
  throw new Error(result.reason || "License verification failed");
}

Security rules

Do not ship the API key inside downloadable product files.

Do not call the endpoint directly from browser JavaScript.

Use one key per production license server where possible.

Revoke old keys immediately when a server or developer changes.

Show friendly support instructions when a license is invalid, refunded or unpaid.

Response fields

valid

Boolean status showing whether the license belongs to the author product and paid purchase.

purchase

Invoice number, paid status, license type, paid date and refund window details.

license

License status, last four characters, activation limit and activation count.

product

Product ID, slug, title, version and currency.

buyer

Buyer ID, email and name for your private support/license server records.