License System Overview
Web3.Market includes a domain-locked license verification system that protects dApp products from unauthorized deployment. When a seller enables licensing on a product, every purchase automatically generates a unique license key. Buyers activate that key on their deployment domain, and the product verifies its authorization at runtime through the Web3.Market License API at verify.web3.market.
The license system is optional. Sellers choose whether to enable licensing on a per-product basis. Products without licensing enabled are delivered without keys or domain restrictions.
Why Domain-Locked Licensing?
Web3 products — dApps, smart contract front-ends, DeFi dashboards, NFT minting sites — are deployed to specific domains. Unlike traditional software that runs on a user’s local machine, these products are publicly accessible on the web. Without protection, a single purchase could be redeployed to unlimited domains, undermining the seller’s revenue.
Domain-locked licensing solves this by binding each purchase to a single authorized domain. The deployed dApp calls the License API to confirm it is running on an authorized domain before operating normally. This provides a lightweight, non-intrusive protection layer that respects the buyer’s right to use the product while preventing unauthorized redistribution.
How It Works
The license lifecycle follows a straightforward flow from purchase to runtime verification:
Seller enables licensing on product
|
v
Buyer purchases the product
|
v
License key auto-generated (LIC-XXXX-XXXX-XXXX-XXXX)
|
v
Buyer activates license on their domain
POST verify.web3.market/activate
|
v
Buyer deploys dApp to their domain
|
v
dApp calls License API on load
GET verify.web3.market/verify?license_key=X&domain=Y
|
v
API checks: key exists → status active → not expired
→ domain authorized → returns {valid: true/false}
|
v
dApp operates normally (valid) or shows notice (invalid)There are three participants in this system:
- Sellers enable licensing on their products and integrate the verification call into their dApp code before listing it on the marketplace.
- Buyers receive a license key after purchase, activate it on their deployment domain, and manage their licenses from the dashboard.
- Deployed dApps call the License API at runtime to verify they are authorized to run on the current domain.
License Key Format
Every license key follows a consistent format:
LIC-XXXX-XXXX-XXXX-XXXXEach X is an alphanumeric character (A-Z, 0-9). Keys are generated automatically at the time of purchase and cannot be changed. A single license key is issued per order item — if a buyer purchases three products, they receive three separate license keys.
Example key: LIC-A3F9-K2M7-P8X1-Q4R6
License Statuses
Every license has a status that determines whether it passes verification:
| Status | Description | Passes Verification |
|---|---|---|
| Active | License is in good standing and operational | Yes |
| Suspended | Temporarily disabled by the seller or platform | No |
| Revoked | Permanently invalidated (e.g., chargeback, abuse) | No |
| Expired | License has passed its expiration date | No |
Only licenses with an active status pass verification. A suspended license can be reactivated by the seller or platform administrators. A revoked license is permanent and cannot be restored.
Perpetual vs. Expiring Licenses
By default, all licenses on Web3.Market are perpetual — they do not expire and remain valid indefinitely as long as the status is active. This is the standard model for one-time purchase products.
Sellers can optionally set an expiration period on their products for subscription-style or time-limited access. When an expiration is set, the license will automatically transition to the expired status after the specified duration (e.g., 30 days, 1 year). Expired licenses fail verification until renewed.
Perpetual licenses can still be suspended or revoked by the seller or platform if the terms of service are violated. “Perpetual” refers to the time dimension only — it means the license does not have a built-in expiration date.
Verification API
The License API is served at verify.web3.market and provides two primary endpoints:
- Activate —
POST verify.web3.market/activatebinds a domain to a license key. - Verify —
GET verify.web3.market/verify?license_key=X&domain=Ychecks whether a license key is valid for a given domain.
The verification endpoint performs the following checks in order:
- Does the license key exist?
- Is the license status active?
- Has the license expired?
- Is the requesting domain authorized for this license?
If all checks pass, the API returns { "valid": true }. If any check fails, it returns { "valid": false } with a reason code.