
How it works
One integration, three moving parts — issue a license, verify it on every request, and enforce it whether your customer is online or off.
Issue
Generate a cryptographically signed license the moment a customer purchases or trials your product. Every license is forged as a tamper-evident JWT carrying identity, model, and constraint claims — named-user, seat, usage, credit-pack, node-locked, or perpetual.
Verify
Every request checks the license's signature, identity, device, and usage constraints against your rules. Verification is stateless: no license is trusted just because it was valid yesterday — every call is checked again, in real time.
Enforce
Seats, sessions, and features stay in lockstep with what was actually purchased — online or offline. Reassign a seat, bump a usage cap, or revoke a device, and enforcement updates immediately across every connected application.
One call, everywhere
Your application never reimplements seat math, device fingerprinting, or credit balances. Send the license key, get back a signed decision — the same call whether the request is online or checked against a cached offline lease.
POST /api/v1/verify
{
"licenseKey": "eyJhbGciOi...",
"deviceId": "MAC:3C:22:FB:9A:11",
"feature": "export-pdf"
}
200 OK
{
"valid": true,
"model": "seat",
"seatsUsed": 12,
"seatsAllowed": 50,
"expiresAt": "2027-01-15T00:00:00Z"
}Full lifecycle control, not just a yes/no check
A license isn't static — ForgeVIO tracks it through every state change.
Activation
Enable a license the instant it's issued or a trial converts.
Renewal
Extend validity automatically from a billing webhook, or manually from the admin console.
Reassignment
Move a seat or device from one user to another without re-issuing the license.
Suspension
Temporarily freeze access — a billing dispute, a policy flag — without losing history.
Revocation
Permanently invalidate a license, and every lease derived from it, in one call.
Expiration
Time-based invalidation enforced at the constraint level — no cron job required.
Integrate however you build
One Kernel, three ways in.
REST API
One predictable API surface for issuing, verifying, and enforcing entitlements from any backend, in any language.
SDKs
Client libraries handle JWT verification and constraint checks for you, so your app doesn't hand-roll license logic.
MCP Server
Every issuance, verification, and lifecycle action is exposed as an MCP command — so AI agents and internal tools can manage entitlements the same way a person would through the admin console.
Why build on ForgeVIO instead of rolling your own
Licensing logic is deceptively hard to get right the first time — and expensive to get wrong.
Ship in days, not quarters
Skip building signature schemes, offline lease encryption, and seat-reassignment logic from scratch — integrate the API and get back to your actual product.
One source of truth
The admin console, the customer portal, and your app all read the same entitlement state, so support and engineering never have to reconcile two systems.
Grows with your pricing
Add a usage cap, layer in a credit pack, or bind a license to a device — without shipping a new release of your application.