Skip to main content
The AuthForge Developer API lets you manage licenses programmatically from your own backend. Use it to create licenses after Stripe payments, revoke access, manage variables, configure webhooks, and more.

Base URL

https://api.authforge.cc/v1/
All endpoints are prefixed with /v1/.

Authentication

Every request must include your API key in the Authorization header as a Bearer token: 
Authorization: Bearer af_live_your_key_here
API keys are created in the Dashboard under Settings → API Keys. Keys are prefixed with af_live_ for identification. Each key is scoped to your account and can manage licenses across all of your applications — the target app is specified per-request via the appId field or URL parameter.
API keys are shown only once when created. Store them securely. If compromised, delete the key in the dashboard and create a new one.

Rate limits

LimitValue
Burst100 requests/second
Sustained50 requests/second
If you exceed the rate limit, you’ll receive a 429 response. Back off and retry with exponential backoff.

Credits

The Developer API itself does not consume credits. Credits are only consumed by SDK authentication (validate and heartbeat calls). See Managing Credits for details.

Response format

All responses return JSON. Successful responses include the requested data directly: 
{
  "licenses": [...],
  "cursor": null
}
Error responses include an error code and a human-readable message: 
{
  "error": "not_found",
  "message": "Resource not found"
}

Pagination

List endpoints use cursor-based pagination. If more results are available, the response includes a cursor value. Pass it as a query parameter in the next request: 
# First page
curl "https://api.authforge.cc/v1/licenses?appId=YOUR_APP_ID&limit=100" \
  -H "Authorization: Bearer af_live_your_key"

# Next page
curl "https://api.authforge.cc/v1/licenses?appId=YOUR_APP_ID&limit=100&cursor=eyJsaW..." \
  -H "Authorization: Bearer af_live_your_key"
When cursor is null, you’ve reached the last page.

Endpoints

Licenses

MethodPathDescription
POST/v1/licensesCreate one or more licenses
GET/v1/licensesList licenses for an app
GET/v1/licenses/:licenseKeyGet a single license
PUT/v1/licenses/:licenseKeyRevoke, activate, extend, or reset HWID
DELETE/v1/licenses/:licenseKeyPermanently delete a license

Variables

MethodPathDescription
GET/v1/apps/:appId/variablesGet app variables
PUT/v1/apps/:appId/variablesSet app variables
GET/v1/licenses/:licenseKey/variablesGet license variables
PUT/v1/licenses/:licenseKey/variablesSet license variables

Webhooks

MethodPathDescription
POST/v1/apps/:appId/webhooksCreate a webhook
GET/v1/apps/:appId/webhooksList webhooks
PUT/v1/apps/:appId/webhooks/:webhookIdUpdate a webhook
DELETE/v1/apps/:appId/webhooks/:webhookIdDelete a webhook
POST/v1/apps/:appId/webhooks/:webhookId/testSend a test event

Security

MethodPathDescription
GET/v1/apps/:appId/securityGet security config
PUT/v1/apps/:appId/securityUpdate security config
POST/v1/apps/:appId/security/blacklistAdd to blacklist
DELETE/v1/apps/:appId/security/blacklistRemove from blacklist
POST/v1/apps/:appId/security/whitelistAdd to whitelist
DELETE/v1/apps/:appId/security/whitelistRemove from whitelist

Error codes

See the Error Codes Reference for a complete list of error codes across all endpoints.