Authentication
The Web3.Market License API supports two authentication methods depending on the endpoint you are calling. Public license endpoints use License Key authentication, while user-scoped endpoints use Sanctum Bearer Token authentication.
Base URLs
| Environment | Base URL | Auth Method |
|---|---|---|
| License API (public) | https://verify.web3.market | License Key |
| User API (authenticated) | https://api.web3.market | Sanctum Bearer Token |
All API responses are returned as Content-Type: application/json.
The License API is also available at https://api.web3.market/api/license/* as a fallback. The subdomain routing at verify.web3.market is the primary and recommended base URL.
License Key Authentication
License Key authentication is used for all public license endpoints: /activate, /verify, /deactivate, and /status. No tokens, sessions, or OAuth flows are needed. Simply include the license_key in the request body (for POST requests) or as a query parameter (for GET requests).
This authentication method is designed to be called from deployed dApps in production. Any origin is allowed — there are no CORS restrictions on license endpoints.
curl -X POST https://verify.web3.market/activate \
-H "Content-Type: application/json" \
-d '{
"license_key": "LIC-A3F9-K2M7-P8X1-Q4R6",
"domain": "myapp.example.com"
}'Required Headers for POST Requests
Content-Type: application/json
Accept: application/jsonNo Authorization header is needed. The license key in the request body or query string serves as both the identifier and the credential.
Sanctum Bearer Token Authentication
Sanctum Bearer Token authentication is used for user-scoped API endpoints such as /api/my-licenses, which returns all licenses belonging to the authenticated user. These endpoints are served from api.web3.market and require a standard Authorization header with a Bearer token.
Tokens are issued when a user logs in through the Web3.Market platform. They are long-lived session tokens managed by Laravel Sanctum.
Example Request
curl https://api.web3.market/api/my-licenses \
-H "Authorization: Bearer 1|abc123def456ghi789jkl012mno345pqr678stu901" \
-H "Accept: application/json"Required Headers
Authorization: Bearer {token}
Accept: application/jsonBearer tokens are tied to user sessions. Do not embed them in client-side code or deployed dApps. Use License Key authentication for any verification calls made from production deployments.
Choosing the Right Method
| Use Case | Auth Method | Base URL |
|---|---|---|
| Activate a license on a domain | License Key | verify.web3.market |
| Verify a license at runtime | License Key | verify.web3.market |
| Deactivate a domain from a license | License Key | verify.web3.market |
| Check license status and details | License Key | verify.web3.market |
| List all licenses for a user account | Sanctum Bearer Token | api.web3.market |
| Manage user profile and settings | Sanctum Bearer Token | api.web3.market |
For the vast majority of integration work — activating, verifying, and managing licenses in deployed products — you will use License Key authentication exclusively.