API Documentation

Complete guide to integrating Authorized.lol authentication into your applications. Works with Python, C++, C#, and any language that supports HTTP requests. Features include license management, product assignment, custom key formats, session tracking, and activation-based expiry.

Quick Start
Get up and running in 5 minutes
  1. Create an account and log in to your dashboard
  2. Create a new application and copy your API key
  3. Generate a license key for testing
  4. Use the code examples below to integrate into your application
Base URL
https://authorized.lol/api/v1

Replace with your own domain if self-hosting

Authentication
All API requests require your application API key

Include your API key in the request body for all endpoints. You can find your API key in the dashboard after creating an application.

{ "api_key": "your_api_key_here", ... }
Initialize License
POST /api/v1/init

Validates a license key and creates an authenticated session. This is the first endpoint you call when a user starts your application.

Request Body

{ "api_key": "string", // Your application API key "license_key": "string", // User's license key "hwid": "string" // Hardware ID (unique device identifier) }

Success Response (200)

{ "success": true, "message": "Authentication successful", "session_token": "uuid", "expires_at": "2025-01-18T12:00:00Z", "license_expires_at": "2025-02-18T12:00:00Z", "license_key": "XXXX-XXXX-XXXX", "username": "john_doe", "email": "user@example.com", "hwid": "abc123...", "is_active": true, "is_first_activation": false, "product_id": "uuid-of-product", "product_name": "Pro Plan", "product": { "id": "uuid-of-product", "product_name": "Pro Plan", "product_slug": "pro-plan" } }

Error Response (403/404)

{ "success": false, "message": "Invalid license key" | "License expired" | "HWID mismatch" }
import requests
import hashlib
import platform

def get_hwid():
    """Generate hardware ID from machine info"""
    return hashlib.sha256(
        platform.node().encode()
    ).hexdigest()

def initialize_license(api_key, license_key):
    """Initialize and validate license"""
    response = requests.post(
        "https://your-domain.com/api/v1/init",
        json={
            "api_key": api_key,
            "license_key": license_key,
            "hwid": get_hwid()
        }
    )
    
    data = response.json()
    if data["success"]:
        return data["session_token"]
    else:
        raise Exception(data["message"])

# Usage
try:
    session = initialize_license(
        "your_api_key",
        "XXXXX-XXXXX-XXXXX-XXXXX"
    )
    print(f"Authenticated! Session: {session}")
except Exception as e:
    print(f"Authentication failed: {e}")
Validate Session
POST /api/v1/validate

Checks if a session is still valid. Call this periodically to ensure the user is still authenticated.

Request Body

{ "api_key": "string", "session_token": "string" }

Success Response (200)

{ "success": true, "message": "Session is valid", "username": "john_doe", "metadata": {}, "product_id": "uuid-of-product", "product_name": "Pro Plan" }
def validate_session(api_key, session_token):
    """Validate an active session"""
    response = requests.post(
        "https://your-domain.com/api/v1/validate",
        json={
            "api_key": api_key,
            "session_token": session_token
        }
    )
    
    data = response.json()
    return data["success"]

# Usage
if validate_session("your_api_key", session_token):
    print("Session is valid")
else:
    print("Session expired or invalid")
Validate License by Key
GET /api/v1/licenses/validate/{licenseKey}

Validates a license key directly without requiring a session. Returns full license details including the assigned product, expiration status, usage counts, and whether the key can still be redeemed. This is the recommended endpoint for retrieving the product assigned to a license key.

Headers

Authorization: Bearer YOUR_API_KEY

URL Parameters

licenseKey - The license key to validate (in the URL path)

Success Response (200)

{ "success": true, "license": { "key": "XXXX-XXXX-XXXX", "status": "active", "productId": "uuid-of-product", "productName": "Pro Plan", "productSlug": "pro-plan", "expiresAt": "2025-02-22T12:00:00Z", "createdAt": "2025-01-22T12:00:00Z", "isLifetime": false, "hwid": "abc123...", "maxRedemptions": 5, "redemptionCount": 3, "canRedeem": true, "daysRemaining": 30, "metadata": {} } }

Status Values

active - License is valid and usable

expired - License has passed its expiration date

used - License has reached its max redemptions

banned - License has been deactivated

import requests

def validate_license(api_key, license_key):
    """Validate a license key and get product info"""
    response = requests.get(
        f"https://your-domain.com/api/v1/licenses/validate/{license_key}",
        headers={"Authorization": f"Bearer {api_key}"}
    )
    
    data = response.json()
    if data["success"]:
        license = data["license"]
        print(f"Status: {license['status']}")
        print(f"Product: {license['productName']}")
        print(f"Product ID: {license['productId']}")
        print(f"Product Slug: {license['productSlug']}")
        print(f"Can Redeem: {license['canRedeem']}")
        
        # Feature gating based on product
        if license["productSlug"] == "pro-plan":
            enable_pro_features()
        elif license["productSlug"] == "basic-plan":
            enable_basic_features()
        
        return license
    else:
        raise Exception(data.get("error", "Validation failed"))

# Usage
license = validate_license("your_api_key", "XXXX-XXXX-XXXX")
product_name = license["productName"]
product_id = license["productId"]
Heartbeat
POST /api/v1/heartbeat

Updates the last activity timestamp for a session. Call this every few minutes to keep the session alive and track user activity.

Request Body

{ "api_key": "string", "session_token": "string" }

Example (Python)

import time
import threading

def heartbeat_loop(api_key, session_token):
    """Send heartbeat every 5 minutes"""
    while True:
        try:
            requests.post(
                "https://your-domain.com/api/v1/heartbeat",
                json={
                    "api_key": api_key,
                    "session_token": session_token
                }
            )
        except:
            pass
        time.sleep(300)  # 5 minutes

# Start heartbeat in background thread
thread = threading.Thread(
    target=heartbeat_loop,
    args=(api_key, session_token),
    daemon=True
)
thread.start()
Logout
POST /api/v1/logout

Terminates an active session. Call this when the user closes your application or logs out.

Request Body

{ "api_key": "string", "session_token": "string" }

Example (Python)

def logout(api_key, session_token):
    """Terminate session"""
    response = requests.post(
        "https://your-domain.com/api/v1/logout",
        json={
            "api_key": api_key,
            "session_token": session_token
        }
    )
    return response.json()["success"]
External Website: Generate Keys with Products
Complete workflow for generating licenses from your website/app

Step-by-Step Workflow

Step 1: Fetch Your Products

Call GET /api/v1/products to get all your products (Pro Plan, Basic, etc)

GET https://authorized.lol/api/v1/products
Headers: X-API-Key: your_api_key

Response:
{
  "products": [
    {
      "id": "123e4567-e89b-12d3-a456-426614174000",
      "product_name": "Pro Plan",
      "product_slug": "pro-plan"
    },
    {
      "id": "987f6543-e21a-98b7-c654-321098765432",
      "product_name": "Basic Plan",
      "product_slug": "basic-plan"
    }
  ]
}
Step 2A: Generate License with product_id (UUID)

Use the id from Step 1 as product_id

POST https://authorized.lol/api/v1/licenses/generate
Headers: 
  X-API-Key: your_api_key
  Content-Type: application/json

Body:
{
  "product_id": "123e4567-e89b-12d3-a456-426614174000",
  "username": "customer123",
  "expires_in_days": 30
}

Response:
{
  "success": true,
  "licenses": [{
    "license_key": "XXXX-XXXX-XXXX",
    "product_id": "123e4567-e89b-12d3-a456-426614174000",
    "product_name": "Pro Plan"
  }]
}
Step 2B: Or use product_name directly (NEW!)

Skip the UUID lookup - just send the product name directly

POST https://authorized.lol/api/v1/licenses/generate
Headers: 
  X-API-Key: your_api_key
  Content-Type: application/json

Body:
{
  "product_name": "Pro Plan",    ← Just use the name!
  "username": "customer123",
  "expires_in_days": 30
}

Response:
{
  "success": true,
  "licenses": [{
    "license_key": "XXXX-XXXX-XXXX",
    "product_id": "123e4567-e89b-12d3-a456-426614174000",
    "product_name": "Pro Plan"
  }]
}
✓ Important Notes
  • Two ways to assign products: Use product_id (UUID) OR product_name (string)
  • product_name is easier: No need to fetch UUIDs first - just send "Pro Plan"
  • The API automatically returns both product_id and product_name in responses
  • Both product fields are optional - omit for unassigned licenses
  • All other fields (max_uses, expires_in_days, etc) work independently
Complete Python Examples

Method 1: Using product_name (Simplest - Recommended for Rebrand)

import requests

API_KEY = "your_api_key"
BASE_URL = "https://authorized.lol"

# Just send the product name directly!
response = requests.post(
    f"{BASE_URL}/api/v1/licenses/generate",
    headers={
        "X-API-Key": API_KEY,
        "Content-Type": "application/json"
    },
    json={
        "product_name": "ELITEGG",  # ← Just the name!
        "username": "customer@email.com",
        "expires_in_days": 30,
        "max_uses": 5
    }
)

result = response.json()
license_key = result["licenses"][0]["license_key"]
product_name = result["licenses"][0]["product_name"]

print(f"Created {product_name} license: {license_key}")

Method 2: Using product_id (If you need UUID)

import requests

API_KEY = "your_api_key"
BASE_URL = "https://authorized.lol"

# Step 1: Fetch products to get UUID
response = requests.get(
    f"{BASE_URL}/api/v1/products",
    headers={"X-API-Key": API_KEY}
)
products = response.json()["products"]

# Find product by name
pro_plan = next(p for p in products if p["product_name"] == "Pro Plan")
pro_plan_id = pro_plan["id"]

# Step 2: Generate license with UUID
response = requests.post(
    f"{BASE_URL}/api/v1/licenses/generate",
    headers={
        "X-API-Key": API_KEY,
        "Content-Type": "application/json"
    },
    json={
        "product_id": pro_plan_id,  # ← Use UUID
        "username": "customer@email.com",
        "expires_in_days": 30
    }
)

result = response.json()
print(f"Created license: {result['licenses'][0]['license_key']}")
Generate License Key
POST /api/v1/licenses/generate

Generate a new license key programmatically. Requires API key authentication via X-API-Key header.

Request Headers

X-API-Key: your_application_api_key

Request Body

{ "username": "john_doe", // Optional "email": "user@example.com", // Optional "max_uses": 5, // Optional: null = unlimited "expires_in_seconds": 2592000, // Optional: expires in 30 days (in seconds) "expires_in_days": 30, // Alternative: expires in 30 days "product_id": "uuid", // Optional: assign by product UUID "product_name": "Pro Plan", // Alternative: assign by product name "key_format": "****-****-****", // Optional: custom format "prefix": "PROD", // Optional: key prefix "expire_on_activation": true // Start timer on first use }

Note: Use either product_id (UUID) or product_name (string). If both are provided, product_id takes precedence.

Success Response (200)

{ "success": true, "count": 1, "licenses": [ { "license_key": "PROD-A1B2-C3D4-E5F6", "expires_at": "2025-02-22T12:00:00Z", "product_id": "uuid", "product_name": "Pro Plan" } ], "expire_on_activation": true }

Example (cURL)

curl -X POST https://authorized.lol/api/v1/licenses/generate \
  -H "X-API-Key: your_api_key" \
  -H "Content-Type: application/json" \
  -d '{
    "username": "john_doe",
    "expires_in_days": 30,
    "product_id": "uuid-of-your-product",
    "expire_on_activation": true
  }'
Bulk Generate Licenses
POST /api/v1/licenses/bulk

Generate multiple license keys at once. Maximum 1000 licenses per request. All generated licenses will share the same configuration (same product, expiration, etc).

Request Body

{ "quantity": 100, // Required: 1-1000 "username": "batch_user", // Optional "expires_in_days": 30, // Optional: or use expires_in_seconds "prefix": "BULK", // Optional "product_id": "uuid", // Optional: assign by product UUID "product_name": "Pro Plan", // Alternative: assign by product name "expire_on_activation": true // Optional }

Note: Use either product_id or product_name to assign products.

Success Response (200)

{ "success": true, "count": 100, "licenses": [ "BULK-A1B2-C3D4-E5F6", "BULK-F7G8-H9I0-J1K2", ... ], "expire_on_activation": true }
Get License Info
POST /api/v1/licenses/info

Retrieve detailed information about a license key including expiry, usage, and status.

Request Body

{ "api_key": "string", "license_key": "string" }

Success Response (200)

{ "success": true, "license": { "license_key": "XXXX-XXXX-XXXX", "status": "active", "is_active": true, "hwid": "abc123...", "hwid_locked": true, "username": "john_doe", "current_uses": 3, "max_uses": 5, "usage_remaining": 2, "expiry": { "expires_at": "2025-02-22T12:00:00Z", "days_remaining": 30, "hours_remaining": 12, "is_expired": false }, "created_at": "2025-01-22T12:00:00Z", "last_used_at": "2025-01-22T14:30:00Z", "product_id": "uuid-of-product", "product_name": "Pro Plan", "product": { "id": "uuid-of-product", "product_name": "Pro Plan", "product_slug": "pro-plan" } } }
Reset HWID
POST /api/v1/licenses/reset-hwid

Reset the hardware ID binding for a license, allowing it to be used on a different device.

Request Body

{ "api_key": "string", "license_key": "string" }

Success Response (200)

{ "success": true, "message": "HWID reset successfully" }
Manage Products
GET/POST /api/v1/products

Create and manage products to organize your licenses by different tiers, plans, or applications.

List Products (GET)

GET /api/v1/products Headers: X-API-Key: your_api_key Response: { "success": true, "products": [ { "id": "uuid", "product_name": "Pro Plan", "product_slug": "pro-plan", "description": "Premium features", "status": "active" } ] }

Create Product (POST)

POST /api/v1/products Headers: X-API-Key: your_api_key Body: { "product_name": "Pro Plan", "product_slug": "pro-plan", // Optional: auto-generated "description": "Premium features", "is_active": true }

Update Product (PATCH)

PATCH /api/v1/products/{product_id_or_slug} Headers: X-API-Key: your_api_key Body (all fields optional): { "product_name": "NEW-BRAND-NAME", // Update product name "product_slug": "new-brand-slug", // Auto-generated if name changes "description": "Updated description", "is_active": true } Response: { "success": true, "product": { "id": "uuid", "product_name": "NEW-BRAND-NAME", "product_slug": "new-brand-slug", "description": "Updated description", "status": "active" }, "message": "Product updated successfully" } Note: Supports lookup by UUID or slug in URL
Retrieving Product from a License
How to get the product assigned to a license key in your application

When a license key has a product assigned, the product information is returned in three endpoints: /api/v1/init, /api/v1/validate, and /api/v1/licenses/info. Use these fields to determine which product tier or plan the user has access to.

Product Fields in Responses

// Available in /api/v1/init and /api/v1/licenses/info: "product_id": "uuid", // Unique product ID "product_name": "Pro Plan", // Human-readable name "product": { // Full product object "id": "uuid", "product_name": "Pro Plan", "product_slug": "pro-plan" // URL-safe slug } // Available in /api/v1/validate: "product_id": "uuid", "product_name": "Pro Plan" // If no product is assigned, these fields will be null.
import requests

def get_product_from_license(api_key, license_key, hwid):
    """Initialize license and retrieve assigned product"""
    response = requests.post(
        "https://your-domain.com/api/v1/init",
        json={
            "api_key": api_key,
            "license_key": license_key,
            "hwid": hwid
        }
    )
    
    data = response.json()
    if data["success"]:
        session_token = data["session_token"]
        product_name = data.get("product_name")
        product = data.get("product")
        
        if product:
            print(f"Product: {product['product_name']}")
            print(f"Slug: {product['product_slug']}")
            # Enable features based on product
            if product["product_slug"] == "pro-plan":
                enable_pro_features()
            elif product["product_slug"] == "basic-plan":
                enable_basic_features()
        else:
            print("No product assigned to this license")
        
        return session_token, product
    else:
        raise Exception(data["message"])

# Alternative: Get product via license info endpoint
def get_product_info(api_key, license_key):
    """Get product info without creating a session"""
    response = requests.post(
        "https://your-domain.com/api/v1/licenses/info",
        json={
            "api_key": api_key,
            "license_key": license_key
        }
    )
    
    data = response.json()
    if data["success"]:
        license = data["license"]
        return {
            "product_id": license.get("product_id"),
            "product_name": license.get("product_name"),
            "product": license.get("product")
        }
    return None
Best Practices
  • Store the session token securely and never expose it to end users
  • Implement heartbeat calls every 5-10 minutes to track active usage
  • Always call logout when your application closes to clean up sessions
  • Handle network errors gracefully and retry failed requests
  • Cache the HWID to avoid regenerating it on every request
  • Validate sessions periodically to detect expired or revoked licenses
  • Never hardcode API keys - load them from environment variables or config files
  • Use expire_on_activation for pre-generated keys that users redeem later
  • Assign products to licenses for better organization and analytics
  • Use custom key formats to match your branding (e.g., MYAPP-****-****)
Error Codes
401 Unauthorized

Invalid API key

403 Forbidden

License expired, disabled, or HWID mismatch

404 Not Found

License key or session not found

500 Internal Server Error

Server error - contact support

Need Help?

If you have questions or need assistance integrating Authorized.lol, we're here to help!