Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.authforge.cc/llms.txt

Use this file to discover all available pages before exploring further.

1. Create an account

Sign up at authforge.cc. You’ll receive free credits to get started.

2. Create an app

Go to the Dashboard and click Create App. Give it a name; this represents the software you’re protecting.

3. Copy your credentials

After creating the app, copy your App ID, App Secret, and Public Key. The secret is shown once; store it securely.
Your App Secret authenticates validate requests. Your Public Key verifies signed server responses. Keep the secret private; the public key is safe to embed in shipped SDK code.

4. Install the SDK

Add the official package for your stack (import the authforge module after pip install authforge-sdk). C++ ships as a CMake library from GitHub; see the C++ SDK page for FetchContent or find_package. Full options and versions are on each language page. 
pip install authforge-sdk
dotnet add package AuthForge
cargo add authforge
npm install @authforgecc/sdk
go get github.com/AuthForgeCC/authforge-go@v1.0.1

Python

PyPI authforge-sdk: Python 3.9+

C#

NuGet AuthForge: .NET 6+

C++

CMake + GitHub; C++17

Node.js

npm @authforgecc/sdk: Node.js 18+
TypeScript: the npm package ships authforge.d.ts; import from @authforgecc/sdk like JavaScript.

5. Add the SDK to your project

from authforge import AuthForgeClient

client = AuthForgeClient(
    app_id="YOUR_APP_ID",
    app_secret="YOUR_APP_SECRET",
    public_key="YOUR_PUBLIC_KEY",
    heartbeat_mode="SERVER",
)

license_key = input("Enter license key: ")

if client.login(license_key):
    print("Authenticated! Running app...")
    # Your app logic here; heartbeats run automatically in background
else:
    print("Invalid license key.")
    exit(1)

6. Create a license key

In the dashboard, open your app and click Generate Licenses. Set the quantity, expiration (or lifetime), and HWID slots (how many devices can use the same key). Click Generate. Copy one of the generated keys; the format is XXXX-XXXX-XXXX-XXXX.

7. Run your app

Launch your application and enter the license key when prompted. You should see “Authenticated!”; the license is now active and bound to your machine.

8. What just happened?

Here’s what the SDK did behind the scenes:
  1. Collected HWID: The SDK fingerprinted your machine by collecting stable hardware identifiers and hashing them into a SHA-256 string. The exact identifiers vary by SDK language (e.g., MAC address, CPU, disk serial, hostname).
  2. Generated a nonce: A random string to prevent replay attacks. Every request uses a fresh nonce.
  3. Sent a validate request: POST /auth/validate with your App ID, App Secret, license key, HWID, and nonce.
  4. Server validated: The server checked the license exists, is active, hasn’t expired, and the HWID is allowed (or bound it to a new slot). One credit was deducted from your account.
  5. Signed the response: The server built a JSON payload (session token, app/license variables, etc.) and signed the base64 payload with the app’s Ed25519 private key.
  6. SDK verified: The SDK verified the signature with your app’s public key (public_key). This proves the response came from AuthForge and wasn’t tampered with in transit.
  7. Heartbeats started: A background thread now sends POST /auth/heartbeat every 15 minutes (default). Each heartbeat response is also Ed25519-signed with the same app keypair, and SDK verification uses the same public key.

Next steps

  • SDK Best Practices; How to handle errors, offline mode, and graceful shutdown
  • Core Concepts; Understand HWIDs, heartbeat modes, credits, and more
  • Commerce; Connect Stripe and automate license delivery