> ## Documentation Index
> Fetch the complete documentation index at: https://docs.authforge.cc/llms.txt
> Use this file to discover all available pages before exploring further.

# Hardware locking (HWID)

> How AuthForge binds licenses to machines, and why HWIDs depend on which SDK you ship.

License keys can be limited to one or more **hardware IDs (HWIDs)**. Each successful login binds the key to a fingerprint of the user’s machine so the same key cannot be reused on unlimited PCs.

## How locking works

1. The **SDK** collects identifiers from the local system (details vary by language and OS APIs).
2. The SDK hashes that material into a **64-character hex string** and sends it with `POST /auth/validate`.
3. The **server** stores that string as an opaque ID. If the license has free **HWID slots**, the new ID is bound. If all slots are full and this ID is not already bound, validation fails with `hwid_mismatch`.

You configure how many simultaneous machines a key may use (**max HWID slots**) when you create or edit licenses.

## HWIDs are SDK-specific (important)

<Warning>
  **The same physical computer can produce different HWID strings for different AuthForge SDKs.** There is no single “true” hardware fingerprint across Python, C#, C++, Rust, Go, and Node; each SDK implements collection and hashing for its own runtime and platform APIs.
</Warning>

What this means in practice:

* **One product, one SDK**: Users get a consistent HWID for your app. Seat limits and resets behave as you expect.
* **Different apps or SDKs on one machine**: If a user runs two products that each use a different AuthForge SDK (or different versions with different fingerprint logic), those products may report **different** HWIDs to AuthForge even on the same box. That is expected: the server only compares the string your SDK sends.
* **Support and dashboards**: When you look up a license’s bound HWIDs, you are seeing **per-integration** identities, not a universal device serial. For blacklist entries in [Security lists](/features/security), the value must match the exact string produced by the SDK you ship.

For the general model (slots, binding, reset), see [Core Concepts; HWID](/concepts#hwid-hardware-id).

## Disabling seat limits

Some keys are not paid licenses - internal team tools, beta cohorts, public demos. For those, you usually want one shared key that any device can activate, with no `hwid_mismatch` errors and no exclusive binding. AuthForge supports this as a per-license toggle: see [**Unlimited-seat licenses**](/features/unlimited-seats). Activations are still logged so you keep distinct-device analytics; only the seat enforcement is removed.

## Related features

* **[Unlimited-seat licenses](/features/unlimited-seats)**: Opt out of seat enforcement on a per-license basis - shared keys with no exclusive HWID binding.
* **[Blacklists & whitelists](/features/security)**: Block or allow specific HWID strings (exact match).
* **[License API](/api/licenses)**: Generate keys with `maxHwidSlots`, reset bindings, and more.
* **[SDK overview](/sdk/overview)**: Choose one SDK per product and keep it consistent across releases for stable fingerprints.
* **[HWID override](/features/hwid-override)**: Bind licenses to external identities (for example Telegram user IDs) instead of machine fingerprints.
