Licensing is how software products enforce access control. A well-designed license system balances security with low friction for legitimate users.
License Key Architecture
A license key is essentially a signed token. The server generates a key, stores it with associated permissions (expiry, seats, features), and validates it on each request.
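A signed token in the literal sense, as an added example (not code from the original page or from ZeroPhantom): the server signs the license claims with HMAC-SHA256 and checks the tag before trusting expiry, machine binding or feature flags. The names issue_token, verify_token, b64e, b64d, the claim fields and SERVER_SECRET are assumptions made for this example; because HMAC is symmetric, only the server holding the secret can verify these tokens.

```python
import base64, hashlib, hmac, json, time

# Constructed demo secret (assumption); a real server loads this from a secret store.
SERVER_SECRET = b"demo-only-secret-not-for-production"

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(key, machine_id, expires_at, features, secret=SERVER_SECRET):
    """Return 'payload.tag': base64url JSON claims plus an HMAC-SHA256 tag."""
    claims = {"key": key, "mid": machine_id, "exp": int(expires_at),
              "feat": sorted(features)}
    payload = b64e(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    tag = hmac.new(secret, payload.encode(), hashlib.sha256).digest()
    return f"{payload}.{b64e(tag)}"

def verify_token(token, machine_id, now=None, secret=SERVER_SECRET):
    """Return (True, claims) or (False, reason). The tag is checked before parsing."""
    try:
        payload, tag_b64 = token.split(".")
        tag = b64d(tag_b64)
    except (ValueError, AttributeError):  # wrong part count, bad base64, non-string
        return False, "Malformed token"
    expected = hmac.new(secret, payload.encode(), hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched
    if not hmac.compare_digest(tag, expected):
        return False, "Bad signature"
    claims = json.loads(b64d(payload))
    if claims["mid"] != machine_id:
        return False, "Machine mismatch"
    if claims["exp"] < (time.time() if now is None else now):
        return False, "Expired"
    return True, claims

if __name__ == "__main__":
    tok = issue_token("ZP-A3K2P-X9M4Q-R7T2W-B5N8Z", "machine-1",
                      time.time() + 86400, ["pro"])
    print(verify_token(tok, "machine-1"))
    print(verify_token(tok, "machine-2"))
```

A client that must verify a license while offline needs an asymmetric signature instead, so that no signing secret ships inside the product.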
Key Generation
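import secrets
import string

def generate_license_key(prefix='ZP'):
    # secrets draws from the OS CSPRNG, so keys cannot be predicted from earlier ones
    chars = string.ascii_uppercase + string.digits
    # Four random segments of five characters each, after the product prefix
    segments = [prefix] + [''.join(secrets.choice(chars) for _ in range(5)) for _ in range(4)]
    return '-'.join(segments)

# e.g. ZP-A3K2P-X9M4Q-R7T2W-B5N8Z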
Machine ID Locking
Prevent key sharing by binding a license to a specific machine's hardware fingerprint:
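import hashlib, platform, uuid

def get_machine_id():
    # Hostname + CPU string + MAC-derived node ID, hashed so raw values are not sent.
    # uuid.getnode() falls back to a random number if no MAC address can be read.
    raw = f"{platform.node()}{platform.processor()}{uuid.getnode()}"
    return hashlib.sha256(raw.encode()).hexdigest()[:32]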
On first activation, store the machine ID with the license. On subsequent checks, verify it matches.
License Validation API
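from datetime import datetime
from flask import Flask, request, jsonify

app = Flask(__name__)
# db is assumed to be a sqlite3 connection with row_factory = sqlite3.Row (setup not shown)

@app.route('/api/validate', methods=['POST'])
def validate_license():
    data = request.get_json(silent=True) or {}  # tolerate a missing or non-JSON body
    key, machine_id = data.get('key'), data.get('machine_id')
    if not key or not machine_id:
        return jsonify({'valid': False, 'reason': 'Missing key or machine_id'}), 400
    lic = db.execute(  # parameterized query; renamed so it does not shadow the built-in license
        "SELECT * FROM licenses WHERE license_key=? AND status='active'", (key,)
    ).fetchone()
    if not lic:
        return jsonify({'valid': False, 'reason': 'Invalid key'}), 403
    if lic['machine_id'] and lic['machine_id'] != machine_id:
        return jsonify({'valid': False, 'reason': 'Machine mismatch'}), 403
    # order_end is compared as a string, so it must be stored as an ISO-8601 UTC timestamp
    if lic['order_end'] and lic['order_end'] < datetime.utcnow().isoformat():
        return jsonify({'valid': False, 'reason': 'Expired'}), 403
    if not lic['machine_id']:
        # First activation: bind the license to this machine, only if it is still unbound
        db.execute("UPDATE licenses SET machine_id=? WHERE license_key=? AND machine_id IS NULL",
                   (machine_id, key))
        db.commit()
    return jsonify({'valid': True})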
Additional Features Worth Building
- License transfer (allow users to change machines)
- Offline grace period (verify every N days, work offline in between)
- Feature flags per license tier
- Usage analytics
ZeroPhantom's tool suite is built on a full SaaS license management system.