Webhooks for activating/checking license also return a license_signature, which is a HMAC-SHA256 signature of each license, allowing end-software to verify that the response really came from LicenseSpring servers, serving as a protection against fake licensing servers and/or man-in-the-middle attacks.
String which is signed using the server certificate is formed like follows
For example, for activation request:
you get a response like (shortened):
Signing string looks like this
You can download the server public key below and use it to verify license signature based on example above