diff --git a/integrate.html b/integrate.html
index f3f95ad..6e3ad06 100644
--- a/integrate.html
+++ b/integrate.html
@@ -198,32 +198,40 @@ result = verifier.verify(license_key_from_user)
Renewals & revocation
Keysat licenses are signed at issue time and do not phone home. If a license is revoked in the admin UI, the existing key continues to verify in your app. That’s the trade-off for offline.
- If you need revocation, ship a thin online check that runs on a cadence (e.g. once a week) against your Keysat’s revocation feed:
+ If you need revocation, ship a thin online check that re-validates the key on a cadence (e.g. once a week) against your Keysat’s POST /v1/validate. A revoked license returns ok: false with reason: "revoked":
// Optional. Run on a cadence, ignore network errors.
-async function checkRevocation(licenseId: string) {
- const r = await fetch(`https://your-keysat.example/v1/licenses/${licenseId}/status`);
+async function checkRevocation(licenseKey: string) {
+ const r = await fetch('https://your-keysat.example/v1/validate', {
+ method: 'POST',
+ headers: { 'Content-Type': 'application/json' },
+ body: JSON.stringify({ key: licenseKey }),
+ });
if (r.ok) {
const j = await r.json();
- if (j.status === 'revoked') disableApp();
+ if (!j.ok && j.reason === 'revoked') disableApp();
}
}
// Optional. Run on a cadence, ignore network errors.
-async fn check_revocation(license_id: &str) {
- if let Ok(r) = reqwest::get(format!(
- "https://your-keysat.example/v1/licenses/{}/status",
- license_id
- )).await {
- if let Ok(j) = r.json::<Status>().await {
- if j.status == "revoked" { disable_app(); }
+async fn check_revocation(license_key: &str) {
+ let body = serde_json::json!({ "key": license_key });
+ if let Ok(r) = reqwest::Client::new()
+ .post("https://your-keysat.example/v1/validate")
+ .json(&body)
+ .send()
+ .await
+ {
+ if let Ok(j) = r.json::<ValidateResp>().await {
+ if !j.ok && j.reason.as_deref() == Some("revoked") { disable_app(); }
}
}
}
# Optional. Run on a cadence, ignore network errors.
-def check_revocation(license_id):
+def check_revocation(license_key):
try:
- r = requests.get(f"https://your-keysat.example/v1/licenses/{license_id}/status", timeout=5)
- if r.json()["status"] == "revoked":
+ r = requests.post("https://your-keysat.example/v1/validate", json={"key": license_key}, timeout=5)
+ j = r.json()
+ if not j["ok"] and j.get("reason") == "revoked":
disable_app()
except Exception:
pass