
FAQ

Will My Account Be Blocked if I Go Over My API Usage?

You may have noticed that API usage appears on the dashboard of the Vendor platform:

API Usage Page

If the API usage goes over 100%, the progress bar will become red (and look really scary!). However, nothing bad will happen to your account: license checks still occur and nothing is throttled. You may still want to proactively contact us to discuss upgrading your account.

Where Do I Find My Multiple Accounts?

Platform users who have access to multiple accounts will see a drop-down in the top-left corner.

Do All Licenses Need to Be a Part of an Order?

Yes, all licenses need to be part of an order. However, you do not need to specify an order ID to issue a license. If you do not specify an orderID when issuing a new license, then LicenseSpring will randomly generate a new orderID.

Trial licenses typically have an orderID generated by LicenseSpring.

How Do I Download All of the Licenses Created in LicenseSpring?

Navigate to the license summary page, and click on the "export" button in the right corner:

Downloading License

Select the date range you would like to export and click confirm:

Exporting License

A CSV file will automatically start downloading.

What Time Does LicenseSpring Use?

The LicenseSpring servers are in UTC.

What Constitutes a Device Transfer?

A license increments its transfer count when it is deactivated from a device and then activated on another device.

Even known devices will increment the transfer count. For example, consider 2 devices, A and B. The following sequence will increment the transfer count twice:

  • License is activated on A

  • License is deactivated on A

  • License is activated on B

  • License is deactivated on B

  • License is activated on A

What Are the LicenseSpring Public Facing Endpoints?

IPs:

  • 34.250.134.210 (as of June 19th, 2023 09:00 GMT)

  • 34.251.49.36 (as of June 19th, 2023 09:00 GMT)

  • 52.18.228.254

  • 54.78.102.217

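| IP | License API | Mgmt API & Platform | User portal | Integrations API | Webhooks API |
| --- | --- | --- | --- | --- | --- |
| 34.250.134.210 | * | - | * | - | * |
| 34.251.49.36 | - | * | - | * | - |
| 52.18.228.254 | * | - | * | - | * |
| 54.78.102.217 | - | * | - | * | - |
| 2a05:d018:1735:a703::10 | * | - | * | - | * |
| 2a05:d018:1735:a702::10 | - | * | - | * | - |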

Can LicenseSpring be integrated inside Apple Store?

For example, you may want to offer a free app in the Apple Store and implement licensing inside the app. Unfortunately, integrating LicenseSpring is against the policy of the app store. They tend to wall off 3rd party licensing tools (https://developer.apple.com/app-store/review/guidelines/#business).

When the defined subscription interval has expired, the license stayed in status “Active” although the expiration date is in the past. Why is that? Shouldn't the status switch to “Expired”?

When a license expires, it will still stay active. If you try to activate that license on a new device, you will get the error license_expired. When you perform license_check, the response contains a field is_expired, which is True if the license has expired and False otherwise.

Can we implement a geographical location device tracking?

We recommend using a custom field, such as regionsAllowed, to define entitlements. These restrictions can then be enforced locally within your own codebase or devices. Every device location can be set using device variables.

While implementing georestrictions within the License API and providing a dedicated module in the SDK is on our roadmap, we do not have a clear ETA for this feature at the moment.

When is Anti-Clock tampering triggered? Does it stay triggered even when the customer sets their clock back to the correct time?

SDK

Within the SDK, any attempt to move the system clock to a past date will raise an exception. The SDK keeps track of the last time the license was used online, and if the local clock is earlier than that timestamp, the local check will fail.

License API

On the server side, the License API rejects requests with signatures older than 15 minutes, further preventing tampering.
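The two checks described above, modelled as an added example (not LicenseSpring SDK or API code): a client-side check against the last online timestamp, and a server-side check that rejects signatures older than 15 minutes. The HMAC-over-timestamp signing scheme, the function names and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

MAX_SIGNATURE_AGE = timedelta(minutes=15)  # window stated in the FAQ answer

class ClockTamperError(Exception):
    """Local clock reads earlier than the last recorded online use."""

def local_clock_check(last_online: datetime, now: datetime) -> None:
    # Client side: fail the local check if the clock is behind the last online use.
    if now < last_online:
        raise ClockTamperError(f"clock {now.isoformat()} precedes {last_online.isoformat()}")

def sign_request(key: bytes, body: bytes, signed_at: datetime) -> str:
    # Assumed scheme (not the real wire format): HMAC-SHA256 over timestamp + body,
    # so the timestamp cannot be changed without invalidating the signature.
    message = signed_at.isoformat().encode() + b"\n" + body
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def server_accepts(key: bytes, body: bytes, signed_at: datetime,
                   signature: str, server_now: datetime) -> bool:
    expected = sign_request(key, body, signed_at)
    if not hmac.compare_digest(expected, signature):
        return False  # body or timestamp altered after signing
    # Stale signatures are rejected; future-dated ones get the same bound (assumption).
    return abs(server_now - signed_at) <= MAX_SIGNATURE_AGE

def demo() -> dict:
    # Constructed sample values.
    key, body = b"constructed-shared-key", b'{"license_key": "SAMPLE"}'
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    sig = sign_request(key, body, t0)
    try:
        local_clock_check(last_online=t0, now=t0 - timedelta(days=30))
        rollback_detected = False
    except ClockTamperError:
        rollback_detected = True
    later = t0 + timedelta(minutes=16)
    return {
        "rollback_detected": rollback_detected,
        "fresh": server_accepts(key, body, t0, sig, t0 + timedelta(minutes=5)),
        "stale": server_accepts(key, body, t0, sig, later),
        # Old signature presented with a newer timestamp: the HMAC no longer matches.
        "restamped": server_accepts(key, body, later, sig, later),
    }
```
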

How exactly does cacheHardwareID work?

SDKs cache the hardware ID internally, but each time the local license check is used, the SDK recalculates the hardware ID and verifies it against the one embedded in the license file. This ensures that users cannot simply copy the license file to another machine.

How does grace period work?

Grace period allows users to continue using the license offline for a predefined duration, providing resilience in case of temporary connectivity issues.

SDK grace period

Subscription licenses grace period

What is the required password policy for new license users and managers?

Password policy as implemented in LicenseSpring is:

  • Minimum 12 characters

  • 1 lowercase

  • 1 uppercase

  • 1 digit

  • 1 special character

  • It cannot be the email or a recently used password in case of a password reset

What is your brute force login protection policy?

To protect against unauthorized access, the system implements a login attempt limit:

  • Users are allowed up to 10 consecutive incorrect password attempts.

  • After 10 failed attempts, the user is temporarily blocked.

  • A user can be temporarily blocked up to three times, with each block increasing in duration:

    • 1st block: 15 minutes

    • 2nd block: 30 minutes

    • 3rd block: 45 minutes

This policy helps prevent brute-force attacks while still giving users a chance to recover from occasional login mistakes.

Why do some users see their LicenseSpring license as expired, and why must https://api.licensespring.com be allowed through our network firewall?

To validate that a user's subscription is active, the app must reach https://api.licensespring.com over HTTPS (port 443). This is a secure, cloud-hosted licensing API that only exchanges small JSON messages about license status; no inbound connections are required. When this domain is blocked for outbound HTTPS, the app cannot refresh the license state with LicenseSpring, so the local cache drifts and the license appears expired until the device can reach the API again.

Why has my account been locked or disabled?

LicenseSpring enforces brute force protection on all login attempts. Accounts are temporarily or permanently locked after a number of consecutive failed login attempts.

License Users (End User Portal)

  • After 10 failed login attempts, the account is locked out temporarily for 15 minutes

  • Each subsequent set of 10 failed attempts increments the lockout duration by 15 minutes (15 → 30 → 45 → 60 minutes)

  • Maximum lockout duration is 1 hour

  • Failed login count resets after 1 hour of no failed attempts

Platform Users (Vendor Platform)

  • After 5 failed login attempts, the account is temporarily locked out

  • After 2 temporary lockouts, the account is permanently locked out

  • Lockout wait increments by 15 minutes per lockout period, up to a maximum of 45 minutes

  • Failed login count resets after 1 hour of no failed attempts

These are default settings. Single-tenant customers may have customized configurations. Settings are subject to change without notice based on LicenseSpring's security policy.

If your account has been permanently locked out, contact LicenseSpring support to have it unlocked.

How do I detect and force a password change for users with an initial password?

Password reset is implemented on the client side. When a license is activated or checked with a user-based license, the response includes an is_initial_password field.

If is_initial_password is true, the user is still on their initial password. You can use this to prompt or force the user to change their password before proceeding.

To trigger a password change, use the Change Password endpoint.

Implementation flow:

  1. Perform a license activation or license check with the user credentials

  2. Check the is_initial_password field in the response

  3. If true, redirect the user to a password change screen in your application

  4. Call the Change Password endpoint with the new password

  5. Resume normal license flow once the password has been changed

The is_initial_password field is returned as part of the license activation and license check responses when a user is present.
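The implementation flow above as an added example, not LicenseSpring SDK code: it gates on is_initial_password (and on the is_expired field described earlier in this FAQ) and validates the new password against the password policy listed on this page before the Change Password call is made. The prompt_new_password and change_password callables, the return strings and the sample values are hypothetical; the actual endpoint call is left to the application.

```python
import re

def policy_violations(password: str, email: str, current_password: str) -> list:
    """Rules from the password policy on this page that `password` breaks."""
    rules = [
        ("minimum 12 characters", len(password) >= 12),
        ("1 lowercase", re.search(r"[a-z]", password)),
        ("1 uppercase", re.search(r"[A-Z]", password)),
        ("1 digit", re.search(r"[0-9]", password)),
        # Assumption: "special" means any non-alphanumeric character.
        ("1 special character", re.search(r"[^A-Za-z0-9]", password)),
        ("cannot be email", password.lower() != email.lower()),
        # The client only knows the password being replaced; the server
        # remains the authority on other recently used passwords.
        ("recently used password", password != current_password),
    ]
    return [name for name, ok in rules if not ok]

def handle_license_response(response: dict, email: str, current_password: str,
                            prompt_new_password, change_password,
                            max_prompts: int = 3) -> str:
    """Steps 2-5 of the flow. prompt_new_password() and
    change_password(email, old, new) are hypothetical callables supplied by the
    application; the second one wraps the Change Password endpoint."""
    if response.get("is_expired"):
        return "expired"  # rely on is_expired, not on the "Active" status
    if not response.get("is_initial_password"):
        return "ok"
    for _ in range(max_prompts):
        candidate = prompt_new_password()
        if policy_violations(candidate, email, current_password):
            continue  # re-prompt instead of sending a password that breaks the policy
        change_password(email, current_password, candidate)
        return "password_changed"
    return "blocked"  # still on the initial password: do not resume the license flow

def demo() -> tuple:
    # Constructed response and credentials.
    response = {"is_expired": False, "is_initial_password": True}
    attempts = iter(["short", "Correct-Horse-Battery-9"])
    calls = []
    outcome = handle_license_response(
        response, "user@example.com", "Initial-Passw0rd!",
        lambda: next(attempts), lambda *args: calls.append(args))
    return outcome, calls
```
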
