LockHorizon API Documentation

Integrate powerful eCommerce and license management into your applications

Welcome to LockHorizon API

LockHorizon provides two powerful APIs to help you manage your digital products and license systems:

License API (v0)

Secure license verification and authentication system for protecting your software products.

  • Key verification & login
  • HWID binding & management
  • Session management
  • License variables & logging

Store API (v1)

Manage your store data, products, orders, and customer information.

  • Product management
  • Order processing
  • Customer data
  • Analytics & reporting

API Endpoints

Endpoints
License API (v0): https://lockhorizon.com/api/v0/
Store API (v1):   https://lockhorizon.com/api/v1/

Authentication

Secure your API requests with dual-secret authentication

Dual-Secret Authentication System

LockHorizon implements an enhanced security model with separate authentication secrets for each API, providing better isolation and security for your store operations.

Authentication Secrets

API Secret Type Usage Security Level
License API (v0) auth_secret License verification, session management, HWID operations High Security
Store API (v1) store_secret Store data management, products, orders, analytics Administrative

Finding Your Secrets

  1. Log into your LockHorizon dashboard
  2. Navigate to Store Settings
  3. Copy your 48-character auth_secret for License API
  4. Copy your 48-character store_secret for Store API
  5. Keep both secrets secure and never share them publicly
Security Notice: Each secret provides full access to its respective API. Treat them like passwords and never expose them in client-side code or public repositories. The dual-secret system allows you to rotate or revoke access to specific API functionality independently.
Compromised Secrets: If you believe either of your secrets has been compromised, you can refresh/regenerate new secrets from your Store Settings page in the LockHorizon dashboard. This will immediately invalidate the old secrets and generate new ones.

Request Format

Each API uses different authentication methods and secrets:

License API (v0) - Encrypted Authentication

License API uses encrypted POST requests with your auth_secret. All data is secured using enterprise-grade encryption.

HTTP
POST https://lockhorizon.com/api/v0/
Content-Type: application/x-www-form-urlencoded

auth_secret=your_48_char_auth_secret
[encrypted payload parameters]

Store API (v1) - Bearer Token Authentication

HTTP
GET https://lockhorizon.com/api/v1/products
Authorization: Bearer your_48_char_store_secret
Content-Type: application/json

SDKs & Libraries

Official SDKs and community libraries for easy integration

Official SDKs

LockHorizon provides officially maintained SDKs to simplify integration with the License API. These SDKs handle all the complexity of encryption, session management, and secure communications.

Python SDK

Full-featured Python library with async support, automatic session management, and comprehensive error handling.

View on GitHub

C++ SDK

High-performance C++ library optimized for native applications, games, and enterprise software solutions.

View on GitHub

SDK Features

  • Automatic Encryption: All data is automatically encrypted and decrypted
  • Session Management: Handles login, session validation, and logout automatically
  • HWID Detection: Platform-specific hardware ID generation
  • Error Handling: Comprehensive error handling with detailed messages
  • Thread Safety: Safe for use in multi-threaded applications
  • Retry Logic: Automatic retry on network failures
  • Rate Limiting: Built-in rate limiting compliance

Community Contributions

We welcome and appreciate community contributions for additional languages and frameworks. If you've created an SDK or wrapper for LockHorizon APIs, we'd love to hear about it and include it in our documentation as an unofficial SDK.

Contributing: Want to create an SDK for your favorite language? Check our GitHub for API specifications and contribution guidelines. High-quality, well-documented SDKs will be featured in our documentation as community contributions.

Error Codes & Troubleshooting

Common error responses and troubleshooting guide for SDK integration.

HTTP Status Codes

Status Code Meaning Description
200 OK Request successful
400 Bad Request Invalid request parameters
403 Forbidden Invalid auth_secret/store_secret or unauthorized
405 Method Not Allowed Incorrect HTTP method used
429 Too Many Requests Rate limit exceeded

Common Error Messages

Error Message Cause Solution
Invalid key or auth secret Wrong license key or auth_secret Verify your auth_secret for License API
Invalid auth secret Wrong auth_secret for License API Check your 48-char auth_secret in dashboard
Invalid store secret Wrong store_secret for Store API Check your 48-char store_secret in dashboard
HWID does not match Key bound to different hardware Reset HWID or use correct device
Session has expired Session timeout reached Re-authenticate with login method
Key has been banned Key permanently disabled Contact support or use valid key
Too Many Requests Rate limit exceeded Reduce request frequency
Need Help? If you encounter errors not listed here, check the SDK documentation on GitHub or contact support through your LockHorizon dashboard. Remember to use the correct secret for each API: auth_secret for License API and store_secret for Store API.

License API (v0)

Secure license verification and authentication system

Overview

The License API provides comprehensive license key management for protecting your software applications. It handles license verification, user authentication, HWID binding, session management, variable storage, and audit logging. All communications use enterprise-grade encryption and require your auth_secret for authentication.

Base URL

https://lockhorizon.com/api/v0/

Available Operations

Operation Type Value Description
Verify Key / Login Default (no type) Verify a license key and create authenticated session
Check Session check_session Validate an existing session
License Variables Included in login Retrieve store variables for sensitive data protection
Get HWID get_hwid Retrieve stored HWID for a key
Reset HWID reset_hwid Clear HWID binding for a key
Restore HWID restore_hwid Set specific HWID for a key
Terminate Session terminate_session End an active session
Log Action log_action Log custom actions for audit trails
Ban Key ban_key Permanently ban a license key
Security: All data transmitted to the License API is encrypted using industry-standard encryption protocols. The official SDKs handle all encryption/decryption automatically.

Verify Key / Login

Authenticate users and create secure sessions

POST /api/v0/

Description

Verifies a license key, authenticates the user, binds the key to hardware ID, and creates an authenticated session. This is the primary authentication method for your application - equivalent to a user login. Returns license variables and user information upon successful authentication.

Core Parameters

Parameter Type Required Description
key string Required User's license key (encrypted)
auth_secret string Required Your 48-character auth secret
hwid string Required User's hardware ID (encrypted)
product_id integer Required ID of the product being accessed
timestamp integer Optional Client timestamp for time validation

Success Response

JSON
{
  "status": "success",
  "message": "Key is valid",
  "session_id": "a1b2c3d4e5f6...",
  "session_expires_at": "2024-12-25 12:00:00",
  "nonce": "random_nonce_value",
  "key_expires_at": "2024-12-31",
  "variables": {
    "app_version": "1.0.0",
    "feature_flag": true,
    "secret_key": "protected_value"
  },
  "server_time": 1703512800,
  "level": 1
}

Error Response

JSON
{
  "status": "error",
  "message": "Invalid key or auth secret"
}

Check Session

Validate existing sessions without re-authentication

POST /api/v0/

Description

Validates an existing session without requiring full key verification. Use this for periodic checks to ensure the user's session is still valid and active.

Request Parameters

Parameter Type Required Description
type string Required Must be "check_session"
session_id string Required Session ID from login response
auth_secret string Required Your 48-character auth secret
nonce string Required Current session nonce
product_id integer Required ID of the product being accessed

Success Response

JSON
{
  "status": "success",
  "message": "Session is active and key is valid",
  "nonce": "new_nonce_value",
  "key_expires_at": "2024-12-31",
  "level": 1,
  "server_time": 1703512800
}
Security: Each session check returns a new nonce. Always use the latest nonce for subsequent requests to prevent replay attacks.

License Variables

Secure server-side variable storage for sensitive data

Overview

License Variables provide a secure way to store sensitive information on LockHorizon's servers instead of hardcoding values in your application. These variables are automatically returned during successful login/verification and can store configuration data, API keys, feature flags, or any other sensitive information your application needs.

Variable Types

Type Description Use Case
String Text-based values API keys, configuration values, URLs
Boolean True/false values Feature flags, enable/disable settings
File Binary file data Configuration files, certificates, assets

How Variables Work

  1. Setup: Configure variables in your LockHorizon dashboard under Store Settings
  2. Automatic Delivery: Variables are included in every successful login response
  3. Client Access: Your application receives variables and can use them immediately
  4. Security: Sensitive data stays on our servers, not in your compiled application
Security Benefit: By using License Variables, you can keep sensitive API keys, configuration data, and other secrets on LockHorizon's secure servers instead of embedding them in your application code where they could be extracted.

Example Variable Response

JSON
{
  "variables": {
    "api_endpoint": "https://api.example.com/v1",
    "premium_features": true,
    "max_users": "100",
    "secret_key": "sk_live_abc123def456",
    "config_file": "Binary data"
  }
}

Common Use Cases

  • API Keys: Store third-party API keys securely
  • Feature Flags: Enable/disable features remotely
  • Configuration: Server URLs, timeouts, limits
  • Licensing Tiers: Different features for different license levels
  • Updates: Minimum version requirements, update URLs
  • Branding: Custom themes, logos, or styling data

HWID Management

Manage hardware ID bindings for license keys

Overview

Hardware ID (HWID) management allows you to bind license keys to specific devices, preventing unauthorized sharing while providing flexibility for legitimate use cases.

POST /api/v0/

Get HWID

Retrieve the currently stored HWID for a license key.

Request Parameters

Parameter Required Description
type Required "get_hwid"
key Required License key (encrypted)
auth_secret Required Your auth secret
JSON Response
{
  "status": "success",
  "message": "HWID retrieved",
  "hwid": "ABC123-DEF456-GHI789"
}
POST /api/v0/

Reset HWID

Clear the HWID binding for a license key, allowing it to be used on a different device.

Request Parameters

Parameter Required Description
type Required "reset_hwid"
key Required License key (encrypted)
auth_secret Required Your auth secret
JSON Response
{
  "status": "success",
  "message": "HWID reset successfully"
}

Session Management

Control active sessions and prevent unauthorized access

POST /api/v0/

Terminate Session

Terminate an active session, logging the user out and requiring re-authentication.

Request Parameters

Parameter Required Description
type Required "terminate_session"
key Required License key (encrypted)
session_id Required Session ID to terminate
nonce Required Current session nonce
auth_secret Required Your auth secret
JSON Response
{
  "status": "success",
  "message": "Session terminated"
}

Log Action

Custom action logging for audit trails and monitoring

POST /api/v0/

Description

Log custom actions for audit trails and monitoring. This allows you to track specific user activities, security events, or application usage for compliance and analytics purposes.

Request Parameters

Parameter Required Description
type Required "log_action"
key Required License key (encrypted)
action_type Required Type of action being logged
action_details Optional Additional details about the action
auth_secret Required Your auth secret

Example Usage

  • Security Events: Failed login attempts, permission changes
  • Feature Usage: Premium feature access, API calls
  • Compliance: Data access, export operations
  • Analytics: User behavior, performance metrics
JSON Response
{
  "status": "success",
  "message": "Action logged successfully"
}

Ban Key

Permanently disable license keys

POST /api/v0/

Description

Permanently ban a license key and terminate all associated sessions. This is an irreversible security action used to prevent further access by compromised or misused keys.

Warning: This action is irreversible. Banned keys cannot be reactivated and all active sessions will be immediately terminated.

Request Parameters

Parameter Required Description
type Required "ban_key"
key Required License key to ban (encrypted)
auth_secret Required Your auth secret
reason Optional Reason for banning (encrypted)

Common Ban Reasons

  • Security Breach: Key compromised or unauthorized access detected
  • Terms Violation: User violated license terms or usage policy
  • Fraud: Fraudulent purchase or chargeback
  • Abuse: Excessive API usage or system abuse
JSON Response
{
  "status": "success",
  "message": "Key has been banned successfully"
}

Store API (v1)

Manage your store data and operations

Overview

The Store API provides access to your store's data including products, orders, customers, and analytics. This API uses your store_secret for authentication and is currently in development with basic functionality available.

Work in Progress: The Store API is currently under active development. Endpoints and functionality may change as we continue to improve the platform.

Base URL

https://lockhorizon.com/api/v1/

Authentication

All Store API requests require your store_secret in the Authorization header:

HTTP
Authorization: Bearer your_48_char_store_secret

Products API

Manage your store products

Note: Product management endpoints are currently basic and will be expanded with additional features.
GET /api/v1/products

List Products

Retrieve a list of all products in your store.

Authentication

HTTP Headers
Authorization: Bearer your_48_char_store_secret
JSON Response
[
  {
    "product_id": 1,
    "title": "Sample Product",
    "price": 25.00,
    "stock": null,
    "created_at": "2024-05-16 05:24:48"
  }
]
POST /api/v1/products

Create Product

Create a new product in your store.

Authentication

HTTP Headers
Authorization: Bearer your_48_char_store_secret
Content-Type: application/json

Request Body

JSON
{
  "title": "New Product",
  "price": 19.99,
  "stock": 100
}
JSON Response
{
  "message": "Product created successfully",
  "product_id": 4
}

Orders API

Access order information and transaction data

Coming Soon: Order management endpoints are planned for future releases. Current order data can be accessed through the dashboard.

Planned Features

  • Retrieve order history
  • Get order details by ID
  • Update order status
  • Process refunds
  • Track order analytics

Keys API

Manage license keys through the Store API

Note: For runtime key operations (verification, authentication, session management), use the License API (v0) with your auth_secret. This endpoint is for administrative key management using your store_secret.
GET /api/v1/keys

List Keys

Retrieve a list of license keys in your store.

Authentication

HTTP Headers
Authorization: Bearer your_48_char_store_secret
JSON Response
[
  {
    "key_id": 1,
    "key_value": "6CE3-5E57-45C7-7B12",
    "status": "Used",
    "created_at": "2024-05-17 08:39:47"
  }
]