🔍Basic License Validation

Now that you’ve created a project and issued your first license, it’s time for the real moment: validating that license inside your application.

This single step is what locks down your product, ensures paid users get access, blocks unauthorized copies, delivers injectables, and makes DevPayr… well, DevPayr.

Don’t worry — validation is simple. No complex ceremony. No mystical knowledge. Just a single call to the SDK or API, and you're done.

Let’s walk through everything properly.

🧠 How License Validation Works (In Plain English)

Every time your application starts (or on whatever schedule you choose):

1. Your app sends the license key to DevPayr

2. DevPayr checks:

   • Is the license valid?

   • Has it expired?

   • Is the domain allowed?

   • Has the usage limit been exceeded?

   • Is the environment correct?

   • Is the project fully paid?

3. DevPayr responds with:

   • has_paid: true/false

   • injectables (if paid)

   • metadata

   • any restrictions

If everything checks out → the app continues normally. If not → DevPayr triggers your chosen behavior (modal, redirect, log, silent).

That’s the entire magic.

🎯 Two Ways to Validate a License

There are two possible approaches:

1. License Key Only (most common)

Perfect for:

• Frontend apps

• Themes/plugins

• Client dashboards

• SaaS boot-time checks

• Templates or installable software

No API key required.

2. License Key + API Key (advanced)

This unlocks:

• Project management

• Domain modifications

• License creation/suspension

• Payment checks

• Injectable uploads

• Admin-like access from your backend

Use this ONLY on a secure backend — never in frontend code.

🧪 OPTION 1 — Validate Using License Key Only

This is the simplest and most common method. Examples below for Node.js, PHP, Python, and Browser (Frontend).

🟦 Node.js Example

import { DevPayr } from '@xultech/devpayr';

DevPayr.bootstrap({
  license: 'YOUR-LICENSE-KEY',
  secret: 'YOUR-SHARED-SECRET', // for injectables
  base_url: 'https://api.devpayr.com',
  action: 'boot',
  injectables: true,

  onReady: (response) => {
    console.log("✅ License Valid:", response);
  },

  invalidBehavior: 'modal' // or 'redirect', 'silent', 'log'
});

🐘 PHP Example

require_once 'vendor/autoload.php';

use DevPayr\DevPayr;
use DevPayr\Exceptions\DevPayrException;

try {
    DevPayr::bootstrap([
        'license'        => 'YOUR-LICENSE-KEY',
        'injectables'    => true,
        'invalidBehavior'=> 'modal'
    ]);

    echo "License valid. Project is paid.";
} catch (DevPayrException $e) {
    echo "DevPayr error: " . $e->getMessage();
}

🐍 Python Example

from devpayr import DevPayr

DevPayr.bootstrap({
    "license": "YOUR-LICENSE-KEY",
    "secret": "your-secret",
    "injectables": True,
    "onReady": lambda data: print("✅ License valid:", data),
    "invalidBehavior": "modal" 
})

🟨 Frontend Example (Highly Flexible)

The frontend SDK lets you name your config anything you want. DevPayr auto-detects it.

All of the following examples work:

window.sdkConfig = {
  license: 'YOUR_LICENSE_KEY',
  onReady: () => console.log('sdkConfig ok')
};

window._devSettings = {
  lk: 'LICENSE_123ABC',
  debug: true,
  onReady: () => console.log('settings ok')
};

window.anythingYouWant = {
  license: 'LICENSE_SOMETHING',
  injectables: true,
  onReady: () => console.log('custom config ok')
};

💡 Tip: The frontend SDK is intentionally flexible. You can hide it, disguise it, or embed it inside your existing JS. Great for making it harder for non-technical users to “edit out” licensing.

🧪 OPTION 2 — Validate Using License Key + API Key

(Advanced, Backend Only)

When you combine an API key with your license key, DevPayr turns into a full backend client.

You can now:

• Manage domains

• List or create licenses

• Upload injectables

• Fetch project data

• Check payment history

• Access advanced endpoints

🔐 Node.js Example

DevPayr.bootstrap({
  license: 'YOUR-LICENSE-KEY',
  api_key: 'YOUR-API-KEY',
  secret: 'YOUR-SECRET',
  injectables: true,
  action: 'boot',

  onReady: (res) => console.log('Ready:', res)
});

// Service classes now available
const projectService = DevPayr.projects();
const licenseService = DevPayr.licenses();
const domainService = DevPayr.domains();
const injectableService = DevPayr.injectables();
const paymentService = DevPayr.payments();

💡 Tip: Think of the API key as “full DevPayr power mode.” Only use it in secure backend servers.

🌐 Validating via Raw HTTP (cURL)

If you’re not using an SDK (embedded systems, Go, Rust, etc.), you can validate with plain HTTP.

🔑 Validate Using License Key Only

Endpoint:

POST /api/v1/project/has-paid

Header Example

curl -X POST "https://api.devpayr.dev/api/v1/project/has-paid?include=injectables" \
  -H "Accept: application/json" \
  -H "X-LICENSE-KEY: DP-XXXX-XXXX-XXXX" \
  -H "X-Devpayr-Domain: yourappdomain.com"

Body Example

curl -X POST "https://api.devpayr.dev/api/v1/project/has-paid" \
  -H "Content-Type: application/json" \
  -H "X-Devpayr-Domain: yourappdomain.com" \
  -d '{"license":"DP-XXXX-XXXX-XXXX"}'

🔐 Validate Using API Key

Endpoint:

GET /api/v1/project/{project_id}/has-paid

curl -X GET "https://api.devpayr.dev/api/v1/project/42/has-paid?action=check_project&include=injectables" \
  -H "Accept: application/json" \
  -H "X-API-KEY: YOUR_API_KEY" \
  -H "X-Devpayr-Domain: yourappdomain.com"

📄 Example Response

{
    "status": "success",
    "message": "Success",
    "data": {
        "has_paid": true,
        "injectables": [
            {
                "id": 1,
                "slug": "js-script",
                "title": "Js Script",
                "type": "file",
                "mode": "inject",
                "target_path": "public/scripts/js/",
                "content": "9zqzVFr42Qep5uhlnE1jczo6TTIvcEVYVFdoeTN0NmFiWGZuYTdVT1czZ1krblJrNWlMWFc0SFNhbGxrbGlUSDkwNHdVM01oV2pRT0ptaDVNV2c2ZmFVQVh2L3IvMVZjM2VmTkZXcmtyZEpKRUN4ZVo4YkxQeVB4SjZ5VVFqS2Z1eDk1bUQ2SWRDTDBFbzRPbHRtd1dQTkl3c1h3NFloakdpTFdZc2FhSlRqZmxXWEV6N0tmNktCUXdDaEpINGNHOUtJTGc3Q2ZudWtlTzdnNUVjbWpkbFlpNWlMb0NOK1puKzl3WldySTRqdHozRzlkUVlGUG9vbjF5b3JucWpKamFyVSsxajl1d1Yxc25WOUNLdGhqcVpBK3JyQm9MVkYwM3grS0VhWldLRWtDVnl4Y1RIWVZiWlNjRDk1NVNRRDlvdUtRR0xEYktrZ1lZeXJoN1FnbUh3WXJJTU1TekF3RDkyanNON3FSOUJTdkw4a0JWckZqUXd1ZXg2bHNKeVlGU3Y2cktWd2ZOTHA5K3dYQXoxNWJSb2hPdER2R0Q3YnRDWGRjT0MzZWU5bTVJVXpsWXJkQzRqSFpBeW5jdnIvQVl6ZHRFdHMycnBnTi9nMnNPQ1RNUGsxQ3JTd05Say96N1pzYjBjTGtQOHhDeWdhbzVObnEwVWlSSlp0M1VzSitCbzFmLzlNektTc21hOFNMZmhxM01TRTFpSkwwR3FTblRGVDhsTmVUY2EyM2FuZStvbzNkeCsxRGhHZWRIbEJ2ZVY0Q1NzV096Y1dqWXZMUWVzNG9uSk1LV2VKaU9QNURqUjYwN1M0dnZWckw1cUZKUmE4dXVNeG9tZko0UVVGT0svSjJMaWwzS2txUC8yWWhabGg2WFZJSUhrRDBkUWlPWVpQU0M5dG5Uck9PaFFlOE04MWd0dU83cVU3enFPUjNOYWpsNDFOSERTV0xHbVFPQjRqMUl4WldHbk5JdDVCSTNBQWh1UWhJL3VqQms3RlQ3dzRKaGUwZVIyU0ZlUjA3RllITEwrc2ZyRmtScSt6bWt6UDUvZkppREM5YjR6bGRMbll5RkZRNEpZREFXNGtvZldGbUQvZGJjaG1lVlBvZDRKeHNRb0NOOGwrRFAwalRld09FbUNmZkhPYzRTTDV0MGV5QU52Y0VBbXRkQ2d5RzVYQXhvdUdJUzlRbWN4Mlg2Q2hLWXc3dEV1U21PTU83M3Z2aEdXUitFRDZlMmNwcVEvS3BuOWVBPT0=",
                "file_path": "9Wa2Xqo0jgxe22mSYpblCjo6MUpSRTdhM3VQckdDOW9Za2ZxdFVtUVVuYXVDck1odDJKRi9SL1ZMTTlXZ3orYnl6MGpPMEpKSWt1U2NWVWVTZXhjVHlXeWZwQmRtNTJRZk81TVJpQVE9PQ==",
                "is_active": true,
                "only_if_paid": true,
                "meta": {
                    "uploaded_by": "email@gmail.com",
                    "sdk_type": "file",
                    "env_hint": "production"
                }
            }
        ]
    },
    "errors": null
}

🧭 Summary

Method	Best For	Requires API Key?
License Key Only	Frontend, SaaS runtime checks, themes, plugins	❌ No
License + API Key	Backend systems, dashboards, automation	✔️ Yes
Raw HTTP	Custom environments, servers without SDKs	Optional

🎉 You Just Validated Your First License

At this point:

• Your project is set up

• Your license is issued

• Validation is working

• Injectables are delivered (if any)

• DevPayr is officially connected to your app