> ## Documentation Index
> Fetch the complete documentation index at: https://docs.authforge.cc/llms.txt
> Use this file to discover all available pages before exploring further.

# SDK Overview

> Install the official AuthForge SDK for Python, C#, C++, Rust, Go, or Node.js from package managers and registries.

The AuthForge SDK handles license validation, HWID fingerprinting, cryptographic signature verification, and background heartbeats.

## Available SDKs

<CardGroup cols={3}>
  <Card title="Python SDK" icon="python" href="/sdk/python">
    **`authforge-sdk`** on PyPI

    Python 3.9+; `cryptography` pulled in automatically.
  </Card>

  <Card title="C# SDK" icon="microsoft" href="/sdk/csharp">
    **`AuthForge`** on NuGet

    .NET 6+ with `BouncyCastle.Cryptography`.
  </Card>

  <Card title="C++ SDK" icon="c" href="/sdk/cpp">
    **CMake library** from GitHub

    C++17, libsodium, OpenSSL, libcurl.
  </Card>

  <Card title="Rust SDK" icon="code" href="/sdk/rust">
    **`authforge`** on crates.io

    Rust 1.70+, blocking HTTP via `ureq`.
  </Card>

  <Card title="Go SDK" icon="go" href="/sdk/go">
    **`github.com/AuthForgeCC/authforge-go`**

    Go 1.21+, standard library only.
  </Card>

  <Card title="Node.js SDK" icon="node-js" href="/sdk/node">
    **`@authforgecc/sdk`** on npm

    Node.js 18+, zero runtime dependencies.
  </Card>
</CardGroup>

## Official installs

| SDK     | Install command                                               | Registry / source                                                                                          |
| ------- | ------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------- |
| Python  | `pip install authforge-sdk`                                   | [PyPI; authforge-sdk](https://pypi.org/project/authforge-sdk/)                                             |
| C#      | `dotnet add package AuthForge`                                | [NuGet; AuthForge](https://www.nuget.org/packages/AuthForge/)                                              |
| Rust    | `cargo add authforge`                                         | [crates.io; authforge](https://crates.io/crates/authforge)                                                 |
| Node.js | `npm install @authforgecc/sdk`                                | [npm; @authforgecc/sdk](https://www.npmjs.com/package/@authforgecc/sdk)                                    |
| Go      | `go get github.com/AuthForgeCC/authforge-go@vX.Y.Z`           | [GitHub; authforge-go](https://github.com/AuthForgeCC/authforge-go) (module path; pin a release tag)       |
| C++     | CMake: clone / release tarball, or `FetchContent` from GitHub | [GitHub; authforge-cpp](https://github.com/AuthForgeCC/authforge-cpp) (no C++ registry: build from source) |

## How it works

All SDKs implement the same flow:

1. **Initialize**: Create a client with your App ID, App Secret, and heartbeat mode.
2. **Login or validate-only**: Call `login(licenseKey)` (or `Login`, etc.) for a long-lived session: the SDK collects the machine's HWID (or uses `hwidOverride`), generates a nonce, and sends `/auth/validate`. For **bots, cron, or per-request checks**, use the validate-only API (**`validateLicense`** in Node, **`validate_license`** in Python and Rust, **`ValidateLicense`** in C# / C++ / Go): same request and signature verification, **no heartbeat** and **no persisted session** on the client (C++ returns a result struct; others match their `login` result shape or a dedicated result type).
3. **Verify the validate response**: The SDK verifies the Ed25519 signature on `/auth/validate` using your app's configured `publicKey`.
4. **Heartbeat**: After `login`, a background thread runs at the configured interval (default 15 minutes). `/auth/heartbeat` success responses are also Ed25519-signed and verified with the same app public key. Validate-only calls do not start this loop.
5. **Failure**: If authentication or a heartbeat fails, the SDK calls your `onFailure` callback with a reason (`"login_failed"` or `"heartbeat_failed"`) and the exception. If no callback is set, the process exits.

## Common constructor parameters

Every SDK accepts the same conceptual parameters, named according to each language's conventions. The table below shows the logical parameter names; see each SDK's page for exact syntax.

| Parameter           | Type     | Default                              | Description                                                                                                |
| ------------------- | -------- | ------------------------------------ | ---------------------------------------------------------------------------------------------------------- |
| `appId`             | string   | required                             | Your application ID from the dashboard                                                                     |
| `appSecret`         | string   | required                             | Your application secret                                                                                    |
| `publicKey`         | string   | required                             | Your app Ed25519 public key (base64)                                                                       |
| `heartbeatMode`     | string   | required                             | `"SERVER"` or `"LOCAL"`                                                                                    |
| `heartbeatInterval` | integer  | `900`                                | Seconds between heartbeat checks (any value ≥ 1 is supported)                                              |
| `apiBaseUrl`        | string   | `https://auth.authforge.cc`          | Override the API base URL                                                                                  |
| `onFailure`         | callback | `null`                               | Called on auth/heartbeat failure with `(reason, exception)`                                                |
| `requestTimeout`    | integer  | `15`                                 | HTTP request timeout in seconds                                                                            |
| `ttlSeconds`        | integer  | `null` / `0` (server default: 86400) | Requested session token lifetime. Server clamps to `[3600, 604800]`. Preserved across heartbeat refreshes. |

## Billing model

All SDKs follow the same billing rules:

* Each successful `login()` / `Login()` or **`validateLicense`**-style call costs **1 credit** (one `/auth/validate` debit).
* Heartbeats cost **1 credit per 10 successful calls** (debited on every 10th heartbeat). Any `heartbeatInterval ≥ 1s` is economically safe.
* Revocations take effect on the **next** heartbeat regardless of the configured interval.

See [Managing Credits](/best-practices/credit-management) for usage estimates and cost-saving patterns.

## Next steps

* Choose your SDK: [Python](/sdk/python), [C#](/sdk/csharp), [C++](/sdk/cpp), [Rust](/sdk/rust), [Go](/sdk/go), or [Node.js](/sdk/node)
* Read the [SDK Best Practices](/sdk/best-practices) for error handling, offline mode, and UX guidance
