RSA Signature Verification
Every response from our API is cryptographically signed using RSA, a robust asymmetric (public-key) algorithm. This signature is used to verify the authenticity of the response and ensure that it hasn’t been tampered with. Here’s how it works:

- Our server signs the response data using a private key that only we possess
- Your plugin verifies the signature using our public key
- If the response data has been tampered with, the signature verification will fail.

This means an attacker cannot:

- Modify any field in the response
- Forge a response with a different signature
- Reuse an old signature with new data
Nonce Validation
A nonce is a unique identifier that is generated for each request. It’s used to prevent replay attacks, where an attacker intercepts a valid response and sends it multiple times to bypass the license check. Here’s how it works:

- Your plugin generates a random UUID to use as the nonce and includes it in the validation request
- The MC License server receives the request with your nonce and includes the exact same nonce in its response
- The server signs the response data which includes the nonce
- Your plugin verifies that the response contains exactly the same nonce it sent
- If the nonces don’t match, the response is rejected.
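
The signature check and the nonce check described above, combined on the client side. This is an added example, not MC License's own code: the payload layout (`<status>:<nonce>`), the SHA256withRSA scheme, the class and method names, and the locally generated key pair standing in for the server are all assumptions, since the page does not specify the wire format.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.UUID;

public class LicenseResponseCheck {
    // Assumed wire format (not from the page): payload "<status>:<nonce>",
    // signed with SHA256withRSA. Substitute whatever the real API documents.
    static byte[] sign(PrivateKey key, String payload) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(payload.getBytes(StandardCharsets.UTF_8));
        return s.sign();
    }

    // Accept a response only if signature, nonce and status all check out.
    static boolean accept(PublicKey serverKey, String sentNonce, String payload, byte[] sig)
            throws GeneralSecurityException {
        // 1. Verify the signature over the exact bytes received, before parsing.
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(serverKey);
        v.update(payload.getBytes(StandardCharsets.UTF_8));
        if (!v.verify(sig)) return false; // modified field or forged signature
        // 2. Require the nonce generated for this request (rejects replays).
        String[] parts = payload.split(":", 2);
        if (parts.length != 2 || !parts[1].equals(sentNonce)) return false;
        // 3. Fail closed: every status other than "valid" is a rejection.
        return parts[0].equals("valid");
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the server; a real plugin holds only the public key.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair server = gen.generateKeyPair();
        String nonce = UUID.randomUUID().toString();
        String payload = "valid:" + nonce;
        byte[] sig = sign(server.getPrivate(), payload);
        System.out.println("genuine response accepted: "
                + accept(server.getPublic(), nonce, payload, sig));
        // Old signature reused with new data: "expired" rewritten to "valid".
        byte[] expiredSig = sign(server.getPrivate(), "expired:" + nonce);
        System.out.println("tampered response accepted: "
                + accept(server.getPublic(), nonce, payload, expiredSig));
        // Replay: the earlier valid response presented against a fresh nonce.
        String fresh = UUID.randomUUID().toString();
        System.out.println("replayed response accepted: "
                + accept(server.getPublic(), fresh, payload, sig));
    }
}
```

The order matters: the nonce and status are read only after the signature over the received bytes has verified, so unauthenticated data never drives the license decision.
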
Status Codes
Every validation response includes a status field indicating the outcome of the license check.
| Status | Description |
|---|---|
| valid | License is valid and active |
| invalid_format | License key does not match the expected format (alphanumeric + hyphens, max 36 chars) |
| not_found | No license exists for the provided key and plugin ID |
| expired | License has passed its expiration date |
| max_ips | License has exceeded the maximum number of allowed IP addresses |
| blacklisted | License key has been blacklisted |
| disabled | License has been manually disabled by the plugin owner |
| invalid_polymart | License failed Polymart ownership verification |
| server_error | An internal server error occurred during validation |

