How Our License System Works
How Our License System Works
One of the most common questions we get: "How does the license system protect my plugin?" Here's a transparent breakdown.
The 6 Layers
1. Obfuscation
Plugin code is obfuscated to make reverse engineering significantly harder. Variable names, strings, and control flow are transformed.
2. Runtime Encryption
Critical validation logic runs in an encrypted state. Only decrypted at runtime when needed.
3. Challenge-Response
The plugin doesn't just send your license key. It receives a challenge from our server, computes a response using the key, and sends it back. A stolen key alone isn't enough — the response must match.
4. JAR Integrity
We verify the plugin JAR hash. Modified or cracked versions will fail validation.
5. Watermarking
Each distributed copy contains unique identifiers. Leaked builds can be traced.
6. Kill Switch
If a license is revoked (chargeback, abuse), the plugin stops working on the next heartbeat — typically within 30 minutes.
IP Binding
By default, each license supports 3 server IPs. You can add/remove IPs from your dashboard. When a plugin starts, it sends the server IP to our license server. If the IP isn't in your allowed list, validation fails.
Heartbeat
Plugins validate on startup and every 30 minutes thereafter. This ensures revoked licenses stop working quickly without requiring a server restart.
Questions? Join our Discord or open a ticket.