The AuthForge SDK handles license validation, HWID fingerprinting, cryptographic signature verification, and background heartbeats.Documentation Index
Fetch the complete documentation index at: https://docs.authforge.cc/llms.txt
Use this file to discover all available pages before exploring further.
Available SDKs
Python SDK
authforge-sdk on PyPIPython 3.9+; cryptography pulled in automatically.C# SDK
AuthForge on NuGet.NET 6+ with BouncyCastle.Cryptography.C++ SDK
CMake library from GitHubC++17, libsodium, OpenSSL, libcurl.
Rust SDK
authforge on crates.ioRust 1.70+, blocking HTTP via ureq.Go SDK
github.com/AuthForgeCC/authforge-goGo 1.21+, standard library only.Node.js SDK
@authforgecc/sdk on npmNode.js 18+, zero runtime dependencies.Official installs
| SDK | Install command | Registry / source |
|---|---|---|
| Python | pip install authforge-sdk | PyPI; authforge-sdk |
| C# | dotnet add package AuthForge | NuGet; AuthForge |
| Rust | cargo add authforge | crates.io; authforge |
| Node.js | npm install @authforgecc/sdk | npm; @authforgecc/sdk |
| Go | go get github.com/AuthForgeCC/authforge-go@vX.Y.Z | GitHub; authforge-go (module path; pin a release tag) |
| C++ | CMake: clone / release tarball, or FetchContent from GitHub | GitHub; authforge-cpp (no C++ registry: build from source) |
How it works
All SDKs implement the same flow:- Initialize: Create a client with your App ID, App Secret, and heartbeat mode.
- Login or validate-only: Call
login(licenseKey)(orLogin, etc.) for a long-lived session: the SDK collects the machine’s HWID (or useshwidOverride), generates a nonce, and sends/auth/validate. For bots, cron, or per-request checks, use the validate-only API (validateLicensein Node,validate_licensein Python and Rust,ValidateLicensein C# / C++ / Go): same request and signature verification, no heartbeat and no persisted session on the client (C++ returns a result struct; others match theirloginresult shape or a dedicated result type). - Verify the validate response: The SDK verifies the Ed25519 signature on
/auth/validateusing your app’s configuredpublicKey. - Heartbeat: After
login, a background thread runs at the configured interval (default 15 minutes)./auth/heartbeatsuccess responses are also Ed25519-signed and verified with the same app public key. Validate-only calls do not start this loop. - Failure: If authentication or a heartbeat fails, the SDK calls your
onFailurecallback with a reason ("login_failed"or"heartbeat_failed") and the exception. If no callback is set, the process exits.
Common constructor parameters
Every SDK accepts the same conceptual parameters, named according to each language’s conventions. The table below shows the logical parameter names; see each SDK’s page for exact syntax.| Parameter | Type | Default | Description |
|---|---|---|---|
appId | string | required | Your application ID from the dashboard |
appSecret | string | required | Your application secret |
publicKey | string | required | Your app Ed25519 public key (base64) |
heartbeatMode | string | required | "SERVER" or "LOCAL" |
heartbeatInterval | integer | 900 | Seconds between heartbeat checks (any value ≥ 1 is supported) |
apiBaseUrl | string | https://auth.authforge.cc | Override the API base URL |
onFailure | callback | null | Called on auth/heartbeat failure with (reason, exception) |
requestTimeout | integer | 15 | HTTP request timeout in seconds |
ttlSeconds | integer | null / 0 (server default: 86400) | Requested session token lifetime. Server clamps to [3600, 604800]. Preserved across heartbeat refreshes. |
Billing model
All SDKs follow the same billing rules:- Each successful
login()/Login()orvalidateLicense-style call costs 1 credit (one/auth/validatedebit). - Heartbeats cost 1 credit per 10 successful calls (debited on every 10th heartbeat). Any
heartbeatInterval ≥ 1sis economically safe. - Revocations take effect on the next heartbeat regardless of the configured interval.