Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.authforge.cc/llms.txt

Use this file to discover all available pages before exploring further.

License keys can be limited to one or more hardware IDs (HWIDs). Each successful login binds the key to a fingerprint of the user’s machine so the same key cannot be reused on unlimited PCs.

How locking works

  1. The SDK collects identifiers from the local system (details vary by language and OS APIs).
  2. The SDK hashes that material into a 64-character hex string and sends it with POST /auth/validate.
  3. The server stores that string as an opaque ID. If the license has free HWID slots, the new ID is bound. If all slots are full and this ID is not already bound, validation fails with hwid_mismatch.
You configure how many simultaneous machines a key may use (max HWID slots) when you create or edit licenses.

HWIDs are SDK-specific (important)

The same physical computer can produce different HWID strings for different AuthForge SDKs. There is no single “true” hardware fingerprint across Python, C#, C++, Rust, Go, and Node; each SDK implements collection and hashing for its own runtime and platform APIs.
What this means in practice:
  • One product, one SDK: Users get a consistent HWID for your app. Seat limits and resets behave as you expect.
  • Different apps or SDKs on one machine: If a user runs two products that each use a different AuthForge SDK (or different versions with different fingerprint logic), those products may report different HWIDs to AuthForge even on the same box. That is expected: the server only compares the string your SDK sends.
  • Support and dashboards: When you look up a license’s bound HWIDs, you are seeing per-integration identities, not a universal device serial. For blacklist entries in Security lists, the value must match the exact string produced by the SDK you ship.
For the general model (slots, binding, reset), see Core Concepts; HWID.

Disabling seat limits

Some keys are not paid licenses - internal team tools, beta cohorts, public demos. For those, you usually want one shared key that any device can activate, with no hwid_mismatch errors and no exclusive binding. AuthForge supports this as a per-license toggle: see Unlimited-seat licenses. Activations are still logged so you keep distinct-device analytics; only the seat enforcement is removed.
  • Unlimited-seat licenses: Opt out of seat enforcement on a per-license basis - shared keys with no exclusive HWID binding.
  • Blacklists & whitelists: Block or allow specific HWID strings (exact match).
  • License API: Generate keys with maxHwidSlots, reset bindings, and more.
  • SDK overview: Choose one SDK per product and keep it consistent across releases for stable fingerprints.
  • HWID override: Bind licenses to external identities (for example Telegram user IDs) instead of machine fingerprints.