General Workflow with WebAPI

I am not sure to understand the full workflow of license checking with WebAPI.

Assume I have created a product and a license in the Cryptlex user interface.
I know my account ID, my user ID, the product ID and the license key.

The following is my understanding. Please correct if needed.

In the app I want to protect, I have to activate the license (step 1).
So, I have to make a POST call to /Activations, giving the required parameters, including the fingerprint (computed by my code), product id, account id, license key, etc.
The result is a 200 HTTP code, with the body a JSON array, with 1 entry for this activation. This entry has some fields like licenseId, leaseExpiresAt, productId and metadata.

Then, I have to check if the license is still active by regularly querying for its status (step 2).
So, I have to make a GET call /licenses/{licenseId} and I get the fields revoked, suspended, validity, expiresAt which give me the information needed to act.

Is this correct?
The following remarks/questions come to mind:

  1. There is no fingerprint involved in the license check in step 2. What is the purpose of the fingerprint.
  2. There is no file involved with the use of the API.
  3. I tested the above workflow with PostMan and I get very strange results:
    a. I activate a license with a given key and product id and get a 200 result with a different product id and a license id matching another license key.
    b. If I mess up the userId, productId or accountId field, I still get a 200 result with the same values.
    Note that I am testing with a trial account that is about to expire (my company did buy a full Cryptlex license but I did not want to “pollute” the official account with test data).

I did make tests with a custom program built with LexActivator and activated some licenses, but this should not interfere with PostMan.

Thank you for clarifications.

Hi Jean,

We usually do not recommend using Web API directly. Thats the reason we built LexActivator. The flow you mentioned is not correct. Please refer to the following:

Thank you. I missed this page in the docs.
And I found my issue with PostMan. I now get an access token when activating a license.