License Keys

To work with Gumroad's license keys, make sure you are familiar with cURL. Brush up on your skills here

What are license keys for? 

License keys are primarily used for creators selling software. The license keys correspond to purchases that a creator can verify through their own application, and then authorize or revoke access to software they've created. 

License keys will NOT help you limit access to digital audio, video, or ebook files that you are selling on Gumroad. Adding a license key to a digital product that is not software will simply add a license key to the bottom of a customer's receipt which has no effect on their purchase or ability to access their purchase.  

Setting up a product that issues license keys.

Click on a product in your Products Dashboard to open the Product drawer. Scroll down to Settings and click the Generate a unique license key per sale toggle. Then, click save changes. You can also retroactively add license keys to a product. 

How license key enforcement works

License key enforcement is completely up to you. As the seller, you can decide how many uses each key gets depending on the verify license API calls you make. Gumroad does no additional license key verification.

Remember that if you check for a valid license on each launch you will increment the usage count unless you set increment_uses_count flag to false. You can also make sure a user hasn't refunded or charged back their purchase by checking the refunded/chargebacked fields of the license verify API call response.

The license key journey

  • Create a product with "generate license key for each sale"
  • The customer will get an email about the purchase with a license key
  • The customer launch the application and input the license key somewhere in the application
  • The application sends a request to Gumroad license verification API to check the license is okay or not
  • The application receives a response from Gumroad and gets the license information (including email, product id, additional fields, create_time, subscription_time)
  • The application uses their own algorithm to check the license is okay or not

Verifying a license key in your application.

We have worked hard to make verifying your customers' license keys as easy as possible. Verifying a license key uses these parameters:

  • product_permalink (the unique permalink of the product)
  • license_key (the license key provided by your customer)
  • increment_uses_count ("true"/"false", optional, default: "true")

If your product URL is "https://gumroad.com/l/QMGY" your product_permalink would be "QMGY." We use these parameters to call the Gumroad API and verify the provided license key:

cURL example

curl https://api.gumroad.com/v2/licenses/verify \
  -d "product_permalink=QMGY" \
  -d "license_key=YOUR_CUSTOMERS_LICENSE_KEY" \
  -X POST

If the verification is successful you will receive a response similar to this:

Example response:

{
  "success": true,
  "uses": 3,
  "purchase": {
    "id": "OmyG5dPleDsByKGHsneuDQ==",
    "product_name": "licenses demo product",
    "created_at": "2014-04-05T00:21:56Z",
    "full_name": "Maxwell Elliott",
    "variants": "",
    "refunded": false,
    # purchase was refunded, non-subscription product only
    "chargebacked": false,
    # purchase was refunded, non-subscription product only
    "subscription_cancelled_at": null,
    # subscription was cancelled,
    subscription product only
    "subscription_failed_at": null,
    # we were unable to charge the subscriber's card
    "custom_fields": [],
    "email": "maxwell@gumroad.com"
  }
}

Otherwise, if verification fails, you will receive a 404 response code with an error message.

FAQ: 

Is there a way to make the API calls work in JavaScript?

Unfortunately no, not at the moment. You have to use cURL. 

When the subscription is renewed, does the value of sale_timestamp update to the date and time of the renewal? Does created_at always stay the same?

They both remain the same. 

Does the disable method cancel the customers subscription? 

No, it just disables the license key. The customers subscription can be cancelled through the Customers tab

When a user's payment fails, is "subscription_cancelled_at" null, or does it have a value?

If a user's payment fails a few times, then failed_at is set to a date time object. subscription_cancelled_at is only changed once the subscription is actually cancelled by the seller or buyer. 

When a user's payment clears after failing, does "subscription_failed_at" return null, or does it still have the value of when their payment failed?

If it's not failed and it's not cancelled (or it's cancelled but in the future) and there's no ended_at then it's active. If a payment clears after failing, failed_at is returned to null again. 

Can I use my own license keys?

Yes, but this is something you'll need to do outside of Gumroad. You either have to choose the license keys we generate or manage your license keys outside of our system. We do not have a way for you to import license keys. 

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us