# FAQ
Will My Account Be Blocked if I Go Over My API Usage?
You may have noticed that API usage appears on the dashboard of the Vendor platform:
If the API usage goes over 100%, the progress bar will become red (and look really scary!). However, nothing bad will happen to your account. License checks still occur, nothing is throttled. However, you may want to proactively contact us to discuss upgrading your account.
Where Do I Find My Multiple Accounts?
Platform users who have access to multiple accounts will have a drop down in the top left corner.
Do All Licenses Need to Be a Part of an Order?
Yes, all licenses need to be part of an order. However, you do not need to specify an order ID to issue a license. If you do not specify an orderID when issuing a new license, then LicenseSpring will randomly generate a new orderID.
Trial licenses typically have an orderID generated by Licensespring.
How Do I Download All of the Licenses Created in LicenseSpring?
Navigate to the license summary page, and click on the "export" button in the right corner:
Select the Date Range for which you would like to export to process and click confirm:
A CSV file will automatically start downloading.
What Time Does LicenseSpring Use?
The Licensespring servers are in UTC.
What Constitutes a Device Transfer?
A License will increment the transfer count when it is deactivated from a device and then activated on another device.
{% hint style="info" %}
Even known devices will increment the transfer count. For example. Consider 2 devices, A and B. The following sequence will increment the transfer count twice:
* License is activated on A.
* License is deactivated on A
* License is activated on B
* License is deactivated on B
* License is activated on A
{% endhint %}
What Are the LicenseSpring Public Facing Endpoints?
{% hint style="warning" %}
LicenseSpring public facing endpoints are subject to change. Please check regularly for any updates.
For any additional questions contact support.
As of February 20th users.licensespring.com doesn't have a static IP
{% endhint %}
IPs:
* 34.250.134.210 (as of June 19th, 2023 09:00 GMT)
* 34.251.49.36 (as of June 19th, 2023 09:00 GMT)
* 52.18.228.254
* 54.78.102.217
| IP | License API | Mgmt API & Platform | User portal | Integrations API | Webhooks API |
| ----------------------- | ----------- | ------------------- | ----------- | ---------------- | ------------ |
| 34.250.134.210 | \* | - | \* | - | \* |
| 34.251.49.36 | - | \* | - | \* | - |
| 52.18.228.254 | \* | - | \* | - | \* |
| 54.78.102.217 | - | \* | - | \* | - |
| 2a05:d018:1735:a703::10 | \* | - | \* | - | \* |
| 2a05:d018:1735:a702::10 | - | \* | - | \* | - |
Can LicenseSpring be integrated inside Apple Store?
E.g. if you want to use free app inside AppleStore and you want to implement licensing inside app. Integration LicenseSpring is against the policy of the app store unfortunately. They tend to wall off 3rd party licensing tools ()
When the defined subscription interval has expired, the license stayed in status “Active” although the expiration date is in the past. Why is that? Shouldn't the status switch to “Expired”?
When a license expires it will still stay active. If you try to activate that license on a new device you will get error `license_expired`. When you perform `license_check` there is a field `is_expired` which will be True if license expired, otherwise False.
Can we implement a geographical location device tracking?
We recommend using a [custom field](/license-entitlements/custom-fields.md), such as `regionsAllowed`, to define entitlements. These restrictions can then be enforced locally within your own codebase or devices. Every device location can be set using [device variables](/license-api/device-variables.md).
While implementing georestrictions within the License API and providing a dedicated module in the SDK is on our roadmap, we do not have a clear ETA for this feature at the moment.
When is Anti-Clock tampering triggered? Does it stay triggered even when the customer sets their clock back to the correct time?
#### SDK
Within the SDK, any attempt to move the system clock to a past date will raise an exception. The SDK keeps track of the last time the license was used online, and if the local clock is earlier than that timestamp, the local check will fail.
#### License API
On the server side, the License API rejects requests with signatures older than 15 minutes, further preventing tampering.
How exactly does cacheHardwareID work?
SDKs cache the hardware ID internally, but each time the local license check is used, the SDK recalculates the hardware ID and verifies it against the one embedded in the license file. This ensures that users cannot simply copy the license file to another machine.
How does grace period work?
Grace period allows users to continue using the license offline for a predefined duration, providing resilience in case of temporary connectivity issues.
[SDK grace period](/sdks/tutorials/best-practices/license-checks.md)
[Subscription licenses grace period](/license-entitlements/license-types/time-limited-vs-subscription-licenses.md)
What is a required password policy for new license users and managers?
Password policy as implemented in LicenseSpring is:
* Minimum 12 characters
* 1 lowercase
* 1 uppercase
* 1 digit
* 1 special character
* it cannot be email or a recently used password in case of password reset
What is your brute force login protection policy?
To protect against unauthorized access, the system implements a login attempt limit:
* Users are allowed up to 10 consecutive incorrect password attempts.
* After 10 failed attempts, the user is temporarily blocked.
* A user can be temporarily blocked up to three times, with each block increasing in duration:
* 1st block: 15 minutes
* 2nd block: 30 minutes
* 3rd block: 45 minutes
This policy helps prevent brute-force attacks while still giving users a chance to recover from occasional login mistakes.
Why do some users see their LicenseSpring license as expired, and why must https://api.licensespring.com be allowed through our network firewall?
When is blocked for outbound HTTPS, the app cannot refresh the license state with LicenseSpring, so the local cache drifts and the license appears expired until the device can reach the API again. To validate that a user’s subscription is active, the app must reach over HTTPS (port 443). This is a secure, cloud‑hosted licensing API that only exchanges small JSON messages about license status; no inbound connections are required. When this domain is blocked, the app cannot refresh license status and may incorrectly show licenses as expired.
Why has my account been locked or disabled?
LicenseSpring enforces brute force protection on all login attempts. Accounts are temporarily or permanently locked after a number of consecutive failed login attempts.
**License Users (End User Portal)**
* After **10 failed login attempts**, the account is locked out temporarily for **15 minutes**
* Each subsequent set of 10 failed attempts increments the lockout duration by **15 minutes** (15 → 30 → 45 → 60 minutes)
* Maximum lockout duration is **1 hour**
* Failed login count resets after **1 hour** of no failed attempts
**Platform Users (Vendor Platform)**
* After **5 failed login attempts**, the account is temporarily locked out
* After **2 temporary lockouts**, the account is **permanently locked out**
* Lockout wait increments by **15 minutes** per lockout period, up to a maximum of **45 minutes**
* Failed login count resets after **1 hour** of no failed attempts
{% hint style="info" %}
These are default settings. Single-tenant customers may have customized configurations. Settings are subject to change without notice based on LicenseSpring's security policy.
{% endhint %}
If your account has been permanently locked out, contact [LicenseSpring support](https://licensespring.zendesk.com/hc/en-us/requests/new) to have it unlocked.
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.licensespring.com/frequently-asked-questions/faq.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.