GET /verify

GEThttps://verify.web3.market/verifyLicense Key120 requests/min

Verify that a license key is valid for a specific domain. This is the most frequently called endpoint — designed to be invoked from deployed dApps at runtime.

This is the hot path endpoint. It has the highest rate limit (120 requests/minute) because it is called by every deployed dApp on every page load or initialization. Cache results on the client side when possible to minimize API calls.

Query Parameters

Parameter	Type	Description
`license_key`*	string	The license key to verify. `Example: LIC-A3F9-K2M7-P8X1-Q4R6`
`domain`*	string	The domain to verify against. Automatically normalized (protocol, path, port stripped; lowercased). `Example: myapp.example.com`

Example Requests

curl "https://verify.web3.market/verify?license_key=LIC-A3F9-K2M7-P8X1-Q4R6&domain=myapp.example.com"

Success Response

Status: 200 OK

{
  "valid": true,
  "license": {
    "expires_at": null
  }
}

The expires_at field is null for perpetual licenses or an ISO 8601 datetime string for time-limited licenses.

Error Responses

All error responses return "valid": false with an error code explaining why verification failed.

Invalid License Key

Status: 404 Not Found

{
  "valid": false,
  "error": "invalid_key"
}

Invalid Domain

Status: 200 OK

{
  "valid": false,
  "error": "invalid_domain"
}

The license key exists but the requested domain has not been activated on this license.

Suspended License

Status: 200 OK

{
  "valid": false,
  "error": "suspended"
}

Revoked License

Status: 200 OK

{
  "valid": false,
  "error": "revoked"
}

Expired License

Status: 200 OK

{
  "valid": false,
  "error": "expired"
}

Integration Pattern

The typical integration pattern for verify is to call the endpoint once when the dApp initializes and cache the result for the session:

async function checkLicense() {
  const LICENSE_KEY = 'LIC-A3F9-K2M7-P8X1-Q4R6';
  const domain = window.location.hostname;
 
  try {
    const res = await fetch(
      `https://verify.web3.market/verify?license_key=${LICENSE_KEY}&domain=${domain}`
    );
    const data = await res.json();
 
    if (!data.valid) {
      // Handle invalid license
      // Options: show a notice, disable premium features, redirect
      console.warn(`License invalid: ${data.error}`);
      return false;
    }
 
    // License is valid — store result for the session
    sessionStorage.setItem('license_verified', 'true');
    return true;
  } catch (error) {
    // Network error — decide how to handle
    // Some apps allow a grace period; others require verification
    console.error('License verification failed:', error);
    return false;
  }
}

⚠️

Do not block your entire application on the verification call. If the API is temporarily unreachable, consider implementing a grace period or cached fallback so users are not locked out during transient network issues.

Best Practices

Cache verification results — Store the result in sessionStorage or in-memory state so you do not call the API on every page navigation within the same session.
Call on initialization only — Verify once when the app loads, not on every route change or component render.
Use window.location.hostname — This ensures the domain sent to the API matches the actual deployment domain after normalization.
Handle network errors gracefully — Implement a timeout and fallback behavior for cases where the API is unreachable.
Do not expose the license key in client-side source — While the key itself is not a secret (it only authorizes a specific domain), avoid making it trivially extractable. Consider server-side verification where possible.

POST /activate POST /deactivate