From 23681bc05ec4bffbf63aa000d1efff3c4a7bbf3c Mon Sep 17 00:00:00 2001 From: Keysat Date: Sat, 13 Jun 2026 06:40:08 -0500 Subject: [PATCH] Fix revocation docs: use POST /v1/validate, not a phantom license-status endpoint GET /v1/licenses/{id}/status does not exist. Revocation is checked via POST /v1/validate, which returns ok:false / reason:"revoked". --- integrate.html | 36 ++++++++++++++++++++++-------------- 1 file changed, 22 insertions(+), 14 deletions(-) diff --git a/integrate.html b/integrate.html index f3f95ad..6e3ad06 100644 --- a/integrate.html +++ b/integrate.html @@ -198,32 +198,40 @@ result = verifier.verify(license_key_from_user)

Renewals & revocation

Keysat licenses are signed at issue time and do not phone home. If a license is revoked in the admin UI, the existing key continues to verify in your app. That’s the trade-off for offline.

-

If you need revocation, ship a thin online check that runs on a cadence (e.g. once a week) against your Keysat’s revocation feed:

+

If you need revocation, ship a thin online check that re-validates the key on a cadence (e.g. once a week) against your Keysat’s POST /v1/validate. A revoked license returns ok: false with reason: "revoked":

// Optional. Run on a cadence, ignore network errors.
-async function checkRevocation(licenseId: string) {
-  const r = await fetch(`https://your-keysat.example/v1/licenses/${licenseId}/status`);
+async function checkRevocation(licenseKey: string) {
+  const r = await fetch('https://your-keysat.example/v1/validate', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ key: licenseKey }),
+  });
   if (r.ok) {
     const j = await r.json();
-    if (j.status === 'revoked') disableApp();
+    if (!j.ok && j.reason === 'revoked') disableApp();
   }
 }