Check payment status (runtime, via license)

This endpoint is used at runtime (inside your app) to verify whether the current project/domain has been marked as paid, using only a License Key.

It can also optionally return paid-only injectables when payment is confirmed.

Endpoint

POST /api/v1/project/has-paid

Authentication

This endpoint uses your License Key (no API key required).

Required header

X-LICENSE-KEY: <your_license_key>

Optional headers

This endpoint may need to know the domain making the request (depending on how your license is configured).

Header
Required
Description

X-Devpayr-Domain

Sometimes

Recommended. Helps DevPayr identify the calling domain for domain-based payment checks.

Accept

No

application/json

βœ… Best practice: always send X-Devpayr-Domain in production.

Example:

X-Devpayr-Domain: yourapp.com

Request Body

This endpoint accepts a JSON body (even if empty). The β€œbehavior switches” can be sent as query params or in your request construction, but you should document them as query params since the controller reads them from the query string.

Query Parameters

Parameter
Type
Required
Description

action

string

No

Set to check_project to force a project-level check (ignores domain).

include

string

No

Set to injectables to include paid-only injectables when has_paid=true.

Examples:

  • POST /api/v1/project/has-paid?action=check_project

  • POST /api/v1/project/has-paid?include=injectables

  • POST /api/v1/project/has-paid?action=check_project&include=injectables

What this endpoint checks

DevPayr determines has_paid using one of these flows:

  1. Project-level (forced)

  • If action=check_project, response is based on the project’s paid state.

  1. Domain-level (license pinned to a domain)

  • If the license is pinned to a specific project domain, payment is checked against that domain.

  1. Domain-level (resolved from request domain)

  • Otherwise, DevPayr checks payment for the calling domain, resolved via:

    • X-Devpayr-Domain (recommended)

    • or fallback sources (if provided by the request)

If DevPayr cannot determine your domain, it returns 400.

Request Example (cURL)

Note: Injectable content (and file_path where applicable) are returned exactly as stored (encrypted). This endpoint does not decrypt injectable payloads.

Response Fields Explained

Top-level response keys

Key
Type
Description

status

string

success or error

message

string

Human-readable message

data

object | null

Payload

errors

object | null

Error details (if any)

data keys

Key
Type
Description

has_paid

boolean

Whether payment is confirmed for the evaluated target

injectables

array

Present only when include=injectables and has_paid=true

injectables[] object keys

Key
Type
Description

id

integer

Injectable ID

slug

string

Identifier slug

title

string | null

Display title

type

string

Injectable type

mode

string

Injectable mode

target_path

string | null

Where it should apply

content

string

Encrypted content

file_path

string | null

Encrypted file path (only for file-type injectables)

is_active

boolean

Whether injectable is active

only_if_paid

boolean

Whether injectable is paid-only

meta

object

Optional metadata

Error Responses

400 β€” Domain could not be determined

Returned when DevPayr needs the request domain but it couldn’t be resolved. Fix by sending X-Devpayr-Domain.

403 β€” Domain not registered under the project

Returned when a domain-level check is performed but the domain is not registered under the project.

403 β€” Invalid or expired license key

401 β€” Missing license key

PreviousDelete an injectableNextCheck payment status (via Api Key)

Last updated