> ## Documentation Index > Fetch the complete documentation index at: https://docs.lukittu.com/llms.txt > Use this file to discover all available pages before exploring further. # Verify License > This endpoint is used to validate a license key with the Lukittu backend. Typically, you should call this endpoint when your software starts and act based on the response provided. **Important Note**: If you are using a programming language that supports loading business logic code remotely (e.g., Java with a Remote ClassLoader), you should not use this endpoint. Instead, use the "classloader" endpoint for enhanced security. ## OpenAPI ````yaml /api-reference/openapi.json post /api/v1/client/teams/{teamId}/verification/verify openapi: 3.0.1 info: title: Lukittu API description: > The Lukittu API provides comprehensive license management and verification services for software products. ## Authentication **Client Endpoints** (`/api/v1/client/*`): No authentication required. These are public endpoints for license verification. **Developer Endpoints** (`/api/v1/dev/*`): Require API key authentication via Bearer token. ## API Types - **Client API**: Used by your software to verify licenses, send heartbeats, and download releases - **Developer API**: Used for programmatic license management from your backend systems ## Rate Limiting All endpoints are rate-limited to prevent abuse. If you exceed the rate limit, you'll receive a 429 status code. ## Response Format All responses follow a consistent format with `data` and `result` objects: ```json { "data": {}, // Response data (null for errors) "result": { "timestamp": "2023-09-15T14:30:00Z", "valid": true, "details": "Human-readable message", "code": "SUCCESS_CODE" // Optional error/success code } } ``` version: 1.0.0 contact: name: Lukittu Community url: https://discord.lukittu.com servers: - url: https://app.lukittu.com description: Production server security: [] tags: - name: Client - Verify description: > Client endpoints for license verification, heartbeat monitoring, and file downloads. These endpoints are used directly by your software applications. - name: Dev - Licenses description: | Developer endpoints for license management operations. These endpoints require API key authentication. - name: Dev - Customers description: | Developer endpoints for customer management operations. These endpoints require API key authentication. - name: Dev - Releases description: | Developer endpoints for release management operations. These endpoints require API key authentication. - name: Dev - Statistics description: | Developer endpoints for retrieving team usage statistics. These endpoints require API key authentication. paths: /api/v1/client/teams/{teamId}/verification/verify: post: tags: - Client - Verify summary: Verify License description: > This endpoint is used to validate a license key with the Lukittu backend. Typically, you should call this endpoint when your software starts and act based on the response provided. **Important Note**: If you are using a programming language that supports loading business logic code remotely (e.g., Java with a Remote ClassLoader), you should not use this endpoint. Instead, use the "classloader" endpoint for enhanced security. operationId: verifyLicense parameters: - $ref: '#/components/parameters/TeamId' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/VerifyLicenseRequest' responses: '200': description: Successful license verification response content: application/json: schema: $ref: '#/components/schemas/VerificationResponse' 4XX: $ref: '#/components/responses/StandardError' 5XX: $ref: '#/components/responses/StandardError' security: [] components: parameters: TeamId: name: teamId in: path required: true description: >- Your team's UUID. You can find this value in your team's settings on the Lukittu dashboard. schema: $ref: '#/components/schemas/UUID' example: 123e4567-e89b-12d3-a456-426614174000 schemas: VerifyLicenseRequest: type: object properties: licenseKey: $ref: '#/components/schemas/LicenseKey' customerId: $ref: '#/components/schemas/UUID' description: Customer UUID (required if strict customers enabled) productId: $ref: '#/components/schemas/UUID' description: Product UUID (required if strict products enabled) challenge: $ref: '#/components/schemas/Challenge' version: $ref: '#/components/schemas/Version' hardwareIdentifier: $ref: '#/components/schemas/HardwareIdentifier' branch: $ref: '#/components/schemas/BranchName' required: - licenseKey VerificationResponse: allOf: - $ref: '#/components/schemas/SuccessResponse' - type: object properties: data: $ref: '#/components/schemas/VerificationResponseData' result: allOf: - $ref: '#/components/schemas/StandardResult' - type: object properties: code: type: string enum: - VALID challengeResponse: type: string description: >- Signed challenge response (present if challenge was provided) required: - code UUID: type: string format: uuid description: UUID v4 identifier LicenseKey: type: string pattern: ^[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}-[A-Z0-9]{5}$ description: >- Lukittu license key format: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX where X is an uppercase letter (A-Z) or digit (0-9) Challenge: type: string maxLength: 1000 pattern: ^[^\s]+$ description: Client-generated random string for request signing (no spaces allowed) Version: type: string minLength: 3 maxLength: 255 pattern: ^[^\s]+$ description: Software version identifier (no spaces allowed) HardwareIdentifier: type: string minLength: 10 maxLength: 1000 pattern: ^[^\s]+$ description: Unique hardware identifier for client device (no spaces allowed) BranchName: type: string minLength: 2 maxLength: 255 pattern: ^[a-zA-Z0-9_-]+$ description: Product branch name SuccessResponse: type: object properties: data: type: object description: Response data result: allOf: - $ref: '#/components/schemas/StandardResult' - type: object properties: valid: type: boolean enum: - true description: Always true for success responses required: - data - result VerificationResponseData: type: object properties: license: type: object description: License details (included based on ReturnedFields configuration) properties: ipLimit: type: integer nullable: true description: Maximum IP addresses allowed hwidLimit: type: integer nullable: true description: Maximum hardware IDs allowed expirationType: $ref: '#/components/schemas/ExpirationType' expirationStart: $ref: '#/components/schemas/ExpirationStart' expirationDate: type: string format: date-time nullable: true expirationDays: type: integer nullable: true metadata: type: array description: License metadata (filtered by ReturnedFields) items: type: object properties: key: type: string value: type: string required: - key - value customers: type: array description: Customer details (included based on ReturnedFields configuration) items: $ref: '#/components/schemas/CustomerVerificationData' products: type: array description: Product details (included based on ReturnedFields configuration) items: $ref: '#/components/schemas/ProductVerificationData' nullable: true StandardResult: type: object properties: timestamp: type: string format: date-time description: Timestamp when the response was generated valid: type: boolean description: Indicates whether the operation was successful details: type: string description: Human-readable description of the result required: - timestamp - valid - details ErrorResponse: type: object properties: data: type: object description: Additional error-related data nullable: true result: allOf: - $ref: '#/components/schemas/StandardResult' - type: object properties: valid: type: boolean enum: - false description: Always false for error responses code: type: string description: Error code indicating the specific issue enum: - INTERNAL_SERVER_ERROR - BAD_REQUEST - LICENSE_NOT_FOUND - IP_LIMIT_REACHED - HWID_LIMIT_REACHED - PRODUCT_NOT_FOUND - CUSTOMER_NOT_FOUND - LICENSE_EXPIRED - LICENSE_SUSPENDED - TEAM_NOT_FOUND - RATE_LIMIT - HARDWARE_IDENTIFIER_BLACKLISTED - COUNTRY_BLACKLISTED - IP_BLACKLISTED - RELEASE_NOT_FOUND - FORBIDDEN - UNAUTHORIZED - INVALID_SESSION_KEY - NO_ACCESS_TO_RELEASE - RELEASE_ARCHIVED - RELEASE_DRAFT required: - code required: - result ExpirationType: type: string enum: - NEVER - DATE - DURATION description: Defines how license expiration is calculated ExpirationStart: type: string enum: - CREATION - ACTIVATION description: Defines when the license expiration countdown begins CustomerVerificationData: type: object properties: email: type: string format: email description: Customer email address fullName: type: string description: Customer full name username: type: string description: Customer username metadata: type: array description: Customer metadata (filtered by ReturnedFields configuration) items: type: object properties: key: type: string value: type: string required: - key - value ProductVerificationData: type: object properties: name: type: string description: Product name url: type: string description: Product URL latestRelease: type: object description: Information about the latest release for this product properties: version: type: string description: Latest release version createdAt: type: string format: date-time description: When the release was created required: - version - createdAt metadata: type: array description: Product metadata (filtered by ReturnedFields configuration) items: type: object properties: key: type: string value: type: string required: - key - value responses: StandardError: description: > Standard API error response. All errors follow the same `{data, result}` structure. The HTTP status code indicates the general error category, while `result.code` provides specific error details. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' ````