The REST API is the bridge between your software and your WordPress store’s license system. Instead of your customers manually entering keys on a website, your software can automatically call the API to verify a key, activate it on a specific device, check how many activations are remaining, and deactivate it when no longer needed.
What Is the API and Do You Need It?
Think of the API as a private phone line between your software and your store. Every time a customer opens your software, it can quietly call this phone line to ask: “Is this license key still valid?” The store answers yes or no. The whole thing happens in the background in less than a second – your customer never sees it.
You need the API if you want your software to automatically verify licenses when it starts up, block use if the key has expired, or prevent sharing by limiting activations to a set number of devices. If you only need to show keys to customers without any automated verification, you do not need the API.
Setting up the API integration requires a developer to add code to your software. This chapter explains the concepts and endpoints in plain English so you can brief your developer clearly on what to implement.
Authentication – The API Secret Key
Every API request must include your secret API key. This proves to the server that the request is coming from your authorised software and not from someone who guessed the API URL. You find your API key in License Verification → Settings → REST API section.
Include the key in the request in one of two ways:
| Method | How to Send It | Example |
|---|---|---|
HTTP Header |
Add a header named |
X-WLV-API-Key: your-secret-key-here |
Query Parameter |
Add |
/wp-json/wlv/v1/license/verify?api_key=your-key |
Never hard-code the API key directly inside your software’s source code if you plan to distribute the software. Instead, store it in a configuration file that only your server reads. If the key is ever exposed, regenerate it immediately in Settings.
Base URL
All endpoints start from the same base URL, which you can copy from the Settings page:
https://yourstore.com/wp-json/wlv/v1
You append the specific endpoint name after this base URL. For example, to verify a license, you call: https://yourstore.com/wp-json/wlv/v1/license/verify
The Four API Endpoints
The API has four endpoints, each performing a specific action on a license key. All four accept requests using the POST method with a JSON body (your developer will know what this means). Verify and Status also work with GET requests for simple lookups.
license/verify
- Verify License – Check whether a license key is valid right now.
- When to use it: Every time the software starts up, or when the customer enters their key during setup. It answers one question: “Does this key exist and is it currently active and not expired?”
- What you send:
{ "license_key": "XXXX-XXXX-XXXX-XXXX" } - What you get back: A success response if the key is valid, or an error if it is expired, revoked, or does not exist.
license/status
- License Status – Get full details about a license key including active devices and remaining slots.
- When to use it: When you want to show the customer their license details inside your software’s settings or about page – how many activations they have used and how many are left.
- What you send:
{ "license_key": "XXXX-XXXX-XXXX-XXXX" } - What you get back: Key status, expiry date, total activations allowed, activations currently used, and a list of active instances. You can also pass an
instance_idto check just one specific device.
license/activate
- Activate – Register a specific device or domain as using this license key.
- When to use it: When the customer installs your software on a new device and enters their license key for the first time. This “claims” one activation slot and records which device it belongs to.
- What you send:
{ "license_key": "XXXX-...", "instance_id": "unique-device-id", "instance_label": "John's MacBook" } - What you get back: Success confirmation if the activation went through. Returns a 409 Conflict error if the license has already reached its maximum activation limit – your software should then show the user a message like “This license is already in use on the maximum number of devices.”
license/deactivate
- Deactivate – Release an activation slot when a device stops using the license.
- When to use it: When the customer uninstalls your software, or when they click a “Deactivate this device” button inside your software’s settings. This frees up the slot so the customer can activate on a different device.
- What you send:
{ "license_key": "XXXX-...", "instance_id": "unique-device-id" } - What you get back: Success confirmation that the slot has been freed.
Request Fields Summary
| Field | Required On | What It Is | Example |
|---|---|---|---|
license_key |
All endpoints |
The customer’s license key exactly as issued |
ABCD-1234-EFGH-5678 |
instance_id |
Activate, Deactivate, Status (optional) |
A unique identifier for the device or domain. Your software generates this. Must be consistent – the same device must always send the same ID. |
my-website.com, machine-12345 |
instance_label |
Activate only (optional) |
A human-friendly name for the device, shown in the admin activation list. Makes it easier to identify which device a slot belongs to. |
John’s Home PC, Staging Server |
Enabling the API
1. Go to License Verification → Settings → REST API section
Find the “Enable License API” toggle card.
2. Turn on "Enable license API"
Click the toggle so it shows as active. Without this, all API calls return a 503 error.
3. Copy your API Secret Key
Click the “Copy” button next to the API key. Share this key with your developer so they can add it to your software’s configuration.
4. Copy the Base URL
Share the Base URL (shown on the Settings page) with your developer. They will append the endpoint paths to it in your software’s code.
5. Click Save Settings
Make sure to save before leaving the page.
Tips for API Setup
- Have your developer test the API on a development or staging site first before integrating it into the live software product. Use the demo license keys from Settings → Demo Data for testing calls.
- The instance_id must be consistent for the same device. A common approach is to use the domain name for web-based software, or a unique machine fingerprint (hardware ID) for desktop software. Do not use something that changes often like an IP address.
- Always make your software handle API errors gracefully. If the API is temporarily unreachable (server is down, internet is out), your software should not immediately lock the user out. Consider a short grace period before blocking access.
- Call the
verifyendpoint on startup and periodically (e.g. once a day in the background) rather than on every single user action. This keeps the experience smooth without hammering your server with constant requests. - If you regenerate the API key in Settings, immediately update every deployed copy of your software’s configuration. Any software using the old key will start failing all API calls until updated.
You Have Completed the Documentation
You have now read through all 11 chapters of the Woo License Verification guide. Your store is ready to:
- Generate and deliver license keys automatically on every order
- Control key duration and device limits through flexible plans
- Give customers a self-service license management area in My Account
- Handle customer support requests with a built-in ticketing system
- Track exactly which devices are using each key via activation records
- Connect your software to the license system via the REST API
If you have questions or need help, visit the License Verification → Help page in your WordPress admin, or contact Webbycrown Support.