๐Ÿ›ก License Manager

Secure license validation server with HMAC-signed responses, CORS allow-list, rate limiting, and a protected admin panel.

Open Admin Panel โ†’ Test API

๐Ÿ” Signed API

Every response is signed with HMAC-SHA256 to prevent tampering and replay.

๐ŸŒ CORS Whitelist

Only approved client domains can call the validation endpoint.

โฑ Rate Limited

Per-IP rate limiting blocks brute-force key enumeration.

๐Ÿ“Š Logs & Anomalies

Every request is logged; IP changes flag suspicious activity.

๐Ÿ‘ค Hardened Admin

CSRF protection, bcrypt, login lockout, and session timeout.

๐Ÿงฉ Drop-in Client

Obfuscated JS snippet locks the page until the license server approves it.

Public Endpoints

Replace yourserver.com with your domain.

GET https://yourserver.com/api/check.php?domain=DOMAIN&license_key=KEY POST https://yourserver.com/api/content.php (domain, license_key) GET https://yourserver.com/api/cron.php?token=HMAC_SECRET (cron only)

Client Integration

Add to the bottom of every protected page:

<script src="https://yourserver.com/client/license-client.min.js" defer></script>

Edit client/license-client.min.js and set API_BASE + LICENSE_KEY before shipping.

License Manager v2 ยท © 2026