How Our License System Works

One of the most common questions we get: "How does the license system protect my plugin?" Here's a transparent breakdown.

The 6 Layers

1. Obfuscation

Plugin code is obfuscated to make reverse engineering significantly harder. Variable names, strings, and control flow are transformed.

2. Runtime Encryption

Critical validation logic runs in an encrypted state. Only decrypted at runtime when needed.

The plugin doesn't just send your license key. It receives a challenge from our server, computes a response using the key, and sends it back. A stolen key alone isn't enough — the response must match.

4. JAR Integrity

We verify the plugin JAR hash. Modified or cracked versions will fail validation.

5. Watermarking

Each distributed copy contains unique identifiers. Leaked builds can be traced.

6. Kill Switch

If a license is revoked (chargeback, abuse), the plugin stops working on the next heartbeat — typically within 30 minutes.

IP Binding

By default, each license supports 3 server IPs. You can add/remove IPs from your dashboard. When a plugin starts, it sends the server IP to our license server. If the IP isn't in your allowed list, validation fails.

Heartbeat

Plugins validate on startup and every 30 minutes thereafter. This ensures revoked licenses stop working quickly without requiring a server restart.

Questions? Join our Discord or open a ticket.