OnyxAuth

Getting Started

Get up and running with license validation in under 5 minutes.

1Create an Account

Sign up at /register with email or Discord. You get 10 free licenses immediately.

2Create a Project

A "Default Project" is created automatically when you sign up. Projects organize your licenses and API keys. Think of them as separate applications (e.g., "My Game", "My SaaS"). You can create more from the dashboard sidebar or via the API.

POST/api/v1/projects
Create a projectbash
curl -X POST https://onyxauth.xyz/api/v1/projects \
  -H "Content-Type: application/json" \
  -H "Cookie: session-token=..." \
  -d '{ "name": "My Game" }'

3Get Your API Key

Go to /api-keys in your dashboard and create a new API key. Save it because it's only shown once.

Keys are formatted as lic_live_... for production and lic_test_... for testing.

4Create a License

Create a license from your dashboard or via the API:

POST/api/v1/licenses
Create a licensebash
curl -X POST https://onyxauth.xyz/api/v1/licenses \
  -H "Content-Type: application/json" \
  -H "Cookie: session-token=..." \
  -d '{
    "productName": "My App",
    "projectId": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
    "maxActivations": 1,
    "expiresAt": "2026-12-31T23:59:59Z"
  }'
Responsejson
{
  "success": true,
  "data": {
    "id": "550e8400-e29b-41d4-a716-446655440000",
    "key": "A3F9-KM7X-P2VB-8NQT",
    "productName": "My App",
    "status": "active",
    "maxActivations": 1,
    "currentActivations": 0,
    "expiresAt": "2026-12-31T23:59:59.000Z"
  }
}

5Validate in Your App

Add license validation to your software. The validation endpoint is public, so no API key is needed (the license key itself identifies the owner).

POST/api/v1/validate

Example

JavaScriptjavascript
async function validateLicense(clientId, licenseKey, fingerprint) {
  const response = await fetch('https://onyxauth.xyz/api/v1/validate', {
    method: 'POST',
    headers: { 'Content-Type': 'application/json' },
    body: JSON.stringify({ clientId, licenseKey, fingerprint })
  });

  const { success, data, error } = await response.json();
  if (!success) {
    console.error('Validation failed:', error.code);
    return false;
  }
  return data.valid;
}

// valid = await validateLicense("proj_aBcDeFgHiJkLmNoPqRsTuVwX", "A3F9-KM7X-P2VB-8NQT", fp);

6Collect Hardware Fingerprint

Send as many hardware identifiers as you can. More components = stronger hardware binding. The system tolerates minor changes (RAM upgrade, new network card) but prevents full hardware swaps.

Fingerprint objectjson
{
  "fingerprint": {
    "cpu": "Intel Core i7-12700K",
    "mac": ["00:11:22:33:44:55", "AA:BB:CC:DD:EE:FF"],
    "disk": "S5GXNG0N123456",
    "motherboard": "MS-7D25",
    "bios": "BIOS-V1.40",
    "uuid": "4C4C4544-0042-4810-8053-C2C04F305132"
  }
}

All fields are optional. Send what you can collect. With 4+ components, the system requires 75% to match. With fewer, it allows at most 1 mismatch.