Unknown fields. Cannot use CreateActivation without it

runo778899 · November 14, 2024, 9:39am

Hello, I want my users to be able to activate their already generated cryptlex license using the web api. However, in the docs, it says I need fingerprint, hostname, userhash, amd accountId which I do not have as the user has not activated their license before.

What can I do? Thanks

AneesKhan · November 14, 2024, 11:02am

Hi @runo778899,

Thank you for reaching out!

You can create activations through the Web API, but we recommend using LexActivator as it handles these details automatically. Could you please share your use case for using the Web API in this scenario?

runo778899 · November 14, 2024, 11:27am

Using the Web API as I generally thought it would be more secure to use a server-validator backend and my client (cpp-loader) to handle activations with SSL/TLS encryption and winsockets connecting to the server-validation route everytime a user inputs a license, instead of using LexActivator Lib. Please correct me if I’m wrong

AneesKhan · November 14, 2024, 11:48am

I want to highlight that LexActivator already includes several important security measures out of the box, which you may find valuable:

HTTPS Response Signature Verification: LexActivator verifies the signature of the HTTPS response using a 2048-bit RSA public key. This ensures that the response received from Cryptlex’s servers is authentic and has not been tampered with.
Encrypted Storage: The activation data is securely stored on the user’s machine using AES 128-bit symmetric encryption, which protects the data even if someone gains access to the device.
HTTPS for Network Requests: All network communication, including license activations, is handled over HTTPS, ensuring that the data exchanged between the client and server is encrypted during transmission.

By using LexActivator, you can take advantage of these built-in security features without the need to implement a separate server-validator mechanism yourself. Additionally, LexActivator handles all aspects of license validation, including network communication and encryption, so your client can focus on the activation logic without additional complexity.

For more clarity, please refer to https://docs.cryptlex.com/node-locked-licenses/overview#what-is-lexactivator

runo778899 · November 14, 2024, 12:25pm

Thank you so much for the reply! I’ll use the standard lexactivator-c with xorstr to compile time any binary strings for additonal security (on top of the internal checks and mutation engine functions we have for upmost security)

Onto other things - I’m thinking of creating a discord bot. However, none of my users have access to their ID, only key, which they use to activate. I thought it was pretty weird that you need an ID for most of the web api functions, instead of the key they actually use to activate (which is the entire purpose of cryptlex - an activation library)

So, could I use a license key instead of ID to lets say, delete a key? /delete-key [key], or retrieve info of a key /retrieve-info [key]

AneesKhan · November 15, 2024, 7:23am

Yes, LexActivator supports activating a license by specifying the license key.

Additionally, users can deactivate a license (i.e., remove the activation) using the DeactivateLicense() function. However, deleting the license key itself requires authorization and can be handled via REST API or admin portal, not directly by your users.

In case you’re using Rest API, To retrieve the ID of a license, you can send a request to List all licenses and use Key query Param, which will provide you the license ID. This ID can then be used to send a request to the “Delete License” endpoint to remove the license. However, this approach requires Authorization.

Thank you!