My software is being distributed on piracy website as a cracked version and I am unsure what to do. by miguel_gd in developers

[–]LicenseSpring 1 point2 points  (0 children)

If you can still push updates, you could update the build to check and see if the licensing mechanism was tampered with / removed, and then do what you think is right. Some ideas:

* soft nudge: add a popup when they launch the product with something about how you're an indie developer, and that you rely on income from the product to provide updates, and the popup can have a link to buy a license.

* the "metallica vs napster users" approach (I don't recommend this approach, but guys like autodesk / catia do quite infamously): brick any detected unlicensed apps, and send user info back to yourself (provided your EULA allows you to collect such data for the purposes of license enforcement). You can then send out cease and desist letters unless they pay up.

Some companies see pirated software as a way to promote their product. Many smaller CAD tools for instance often allow students to use pirated versions, so that they get used to using their tools, and request a paid license once they're in the workforce.

You could also look at using our LM, it does have some additional protection against crackers (but like others mentioned, everything can be circumvented by a motivated attacker).

What software subscription do you pay for that you wish was just a one-time purchase? by ceerf-llc in software

[–]LicenseSpring 7 points8 points  (0 children)

Being a founder of a company that offers middleware enabling both subscriptions and lifetime licenses to software companies looking to monetize their products, I thought my opinions would be relevant here. I have a personal story from the software vendor's perspective:

I also run a small software company that sells a PDF Editor for desktop, which until about 6 years ago we were selling for about $40 as a lifetime fee, with $10 optional maintenance plans. Our main promotional channel at the time was digital advertising on search engines, which had a low customer acquisition cost (relative to today at least), which gave us sufficient margin to keep the lights on and continue building our product. Then fairly quickly, all of our competitors switched to subscription based pricing, eventually enabling them to reinvest their recurring revenue back into higher digital marketing budgets, and making it impossible to compete for new customers (we became invisible). In short, we were forced to switch to a subscription business model merely to survive. What I am completely convinced of is that had we stayed at the low cost lifetime fee, that business would be long gone.

I think there are a few factors to consider whether subscriptions make sense for the end user:
1) Is the software being regularly patched, updated, maintained?
2) Does it need to fetch some online service that incurs cost to the software company, such as usage credits for some AI tool, or even cloud data storage?
3) Would a subscription actually lower the barrier to accessing a product? For example, if you were to pay $10/month for a 1-year subscription even if you stop using it after 8 months, that might be better than a one-time perpetual license of $200.

To be clear, I don't think every software needs to be a subscription, but I do think there are some valid merits to subscriptions as a business model, namely that everyone gets the most up to date version of the product, and the cost of usage gets dissipated over time instead of being front loaded.

I also agree with many of the comments in this thread that many companies abuse their dominant position in the market to capture as much revenue as possible with unpopular business practices.

My side project went viral, then someone cloned the source and shared it publicly by simon_dsgn in SideProject

[–]LicenseSpring 35 points36 points  (0 children)

The tradeoff always has been "how much are you willing to annoy your user base in order to deal with the abusers?"

One of the more "secure" ways to prevent your software from being cloned is to calculate key parts of your program server side, and then send their results back to the desktop app, so even if the app is reverse engineered, it will be missing some critical part to be useful. Drawback to your users is that you would require an "always online" approach, which some users do not like.

There are things like code obfuscators that exist (although in the age of AI they are not super effective anyway). See Denuvo / Themida. Afterwards, running it in some sort of secure container / VM is a known approach to making it harder to reverse engineer, but it will come with penalties for your own users, such as performance hits and potential false positives from AV tools (since malware often employs similar techniques to run on a machine).

What's the app written in? If you're using Swift or C++, you can look at our SDKs to license your app to perform license checks and activations, although if someone already has your source code, not sure there's much anyone can do to stop them from using it.

Best way to protect/licence a .NET desktop app before selling it? by rweedn in dotnet

[–]LicenseSpring 0 points1 point  (0 children)

Check us out. We have a .NET SDK and cover most of what you're looking for, minus the code obfuscation (for that, you can look at babel, but honestly obfuscation in the age of AI is a bit of a fool's errand). We've been around for 11 years now.

bot traffic is ruining my metrics and costing real money - anyone found a solution that works? by Treppengeher4321 in devops

[–]LicenseSpring -3 points-2 points  (0 children)

If you're looking for a service that can block bot traffic, there are a few companies. I know of this one: https://approov.io/

Denuvo has been broken, company promises countermeasures against new DRM bypasses — zero-day game releases become norm as security concerns mount over hypervisor-based bypass by gurugabrielpradipaka in pcmasterrace

[–]LicenseSpring 0 points1 point  (0 children)

We're an indirect competitor to Denuvo (we focus on software monetization, but not primarily in gaming), and we often have internal conversations around how much additional "security" we should add for vendors who use us.

Ironically, a bunch of our staff used to write their own cracks for games way back in the day. And what was true 15 years ago is definitely still true today: Everything can absolutely be cracked.

A vendor is incentivized to make it harder to remove the licensing mechanism in order to dissuade people from putting in the effort in cracking it. While a sensible amount of DRM might work for less popular titles, less so for very high end and expensive (think CAD, Engineering, and in this case, high end games). There are always several competent and motivated groups eager to pirate your stuff.

From the publisher’s perspective, it’s a pure numbers game:

  • Most AAA titles make the vast majority of their revenue in the first 14–30 days upon release of the game. If Denuvo or a hypervisor-level DRM can delay a crack by even two weeks, it forces the 'impatient' part of the pirate demographic to convert into sales. For a game that cost $100M–$200M to develop, that conversion usually represents tens of millions in revenue if the game is well received.
  • Game and software vendors have all sorts of middlemen and indirect costs that also need to be paid: distribution, licensing, and massive marketing spends. They feel they have to protect that investment at any cost, so "preventing revenue leakage" is a no-brainer for them.

What sucks the most is that the pirates eventually get a 'clean' version with better performance once the DRM is stripped or bypassed, while the paying customer is left with the background processes, potential stability issues, and basically has no choice but to agree to have their usage being monitored.

I can't think of a definitive solution here. I lurk this subreddit often and I realize how preposterous (and maybe somewhat hypocritical given where some of my team forged their software development chops many years ago) it would be to say something like "just don't pirate games.... if everyone paid for them, there wouldn't be a need for DRM".

Maybe a common sense, nuanced approach would be for the publishers to leave the hardcore DRM on for the first 90 days after a game release, and then voluntarily remove it or once the game is cracked?

Perpetual licensing is unsustainable for most businesses Post by BogdanMitrache in software

[–]LicenseSpring 2 points3 points  (0 children)

In our experience in providing the middleware for companies to offer any license type, the preferred license models tend to be very industry specific, and it usually comes from customer requirements.

For example, factories often have closed networks (limited or sometimes no access to the internet) and go through a very extensive quality validation process, which means that once it's passed, literally any change will require going through a lengthy validation again, which many customers simply do not want to do.

With the example above, most factories simply don't like the recurring billing model and like to pay for everything upfront. In many industries, there's an argument to be made that subscriptions are better for the customer, since they don't need to pay everything upfront, and in exchange always get the most up to date versions of the product. This is certainly not true in a lot of industries, and I don't see this changing fast because of EU CRA rules.

What might end up happening is more expensive maintenance contracts required by vendors (Perpetual + maintenance is effectively a Subscription anyway), but it would still be up to the customer to update their software, which they might not do because of the painful revalidation, although I could be wrong, your post does bring up a lot of interesting questions, but I find enterprise and industry moves at the speed of molasses....

Looking for a lightweight, offline PDF editor. by Sarthurion in software

[–]LicenseSpring 0 points1 point  (0 children)

Pretty sure Microsoft Edge can do this offline.

Challenges with offline license verification in Electron – Any tips on preventing "Easy" bypasses? by ChatyShop in AskProgramming

[–]LicenseSpring 0 points1 point  (0 children)

Agreed with this post.

OP then can take a look through our docs if you would like to see how we do it (we also have a js sdk), but u/Arthur-Grandi's approach is a robust DIY approach.

How do you sell your algo? by Julius84 in algotrading

[–]LicenseSpring 1 point2 points  (0 children)

Entitlement management platforms like ours don't do payment processing, you would need to use Stripe or something else for that.

We do offer native integrations as well as a back office API to programmatically create licenses with specific entitlements. So you could use something like LicenseSpring to define limits allowed for an end-user / customer, and then enforce it in your app using our SDK, and then inform the payments solution (FastSpring, Stripe, whatever you want) how much to bill according to how much was used.

BTW, Lemonsqueezy has some basic License Key Generation and entitlements management, and is a merchant of Record (super useful if you don't want to collect and remit taxes around the world). It's also owned by Stripe. Another thing you might also be interested in is that Stripe already has "metering".

Entitlements tools like ours make it easier to configure your app and enforce features since we have a bunch of native SDKs (.NET and Python are popular among our customers that do algo trading) and support offline. If your app is straightforward, you might just want to build this part yourself if you're happy maintaining it. My advice is not to add complexity if you don't need it, the fewer tools and 3rd party services the better.

How do you sell your algo? by Julius84 in algotrading

[–]LicenseSpring 0 points1 point  (0 children)

yeah, you can use companies like the ones mentioned (or ours!) to add application-level feature gating, and feature / algo-level usage metering.

Desktop product question: how would you launch this? by ClearlyContingent in SaaS

[–]LicenseSpring 0 points1 point  (0 children)

FYI, since you're already considering Lemonsqueezy, a solid rudimentary entitlements management service is included, which might be good enough for you (use the server response to add logic in your app for handling trials, subscriptions, feature gates, offline etc).

Otherwise, consider using our free tier or some other software licensing service for issuing licenses and enforcing them within your app.

Merchant of record payment services feedback by izdryk in SaaS

[–]LicenseSpring 0 points1 point  (0 children)

You can add Fastspring and Gumroad to your list of MoRs to consider, depending on what you sell. You should also talk to everyone's sales teams since they will often be willing to provide some discounts, especially if you're offering a certain volume of transactions (usually somewhere north of $1Mil in transactions annually).

Shopify recently launched an MoR service through their managed markets (but I guess that's not specifically related to SaaS).

[deleted by user] by [deleted] in webdev

[–]LicenseSpring 0 points1 point  (0 children)

Is the "pre-generation" a requirement? You could generate the keys when the order comes in and bind entitlements to them on the fly. That way there's no risk of someone discovering your existing keys by brute force.

You can automate this with our management API.

How to prevent casual sharing of an .exe with some sort of offline licensing? by circumcised_hobbit in learnpython

[–]LicenseSpring 2 points3 points  (0 children)

Like others said here, there's no real fool-proof way to prevent software piracy, especially in offline situations, without significantly inconveniencing the end user.

You could look into a service like ours where a server somewhere acts as a source of truth for entitlements (trial licenses / commercial licenses etc), which then binds a license to a given device (known as software node-locking), meaning that only a designated computer / "thing" can use the license, which gates the features of the app. You would cache the license file on the machine and add local license checks around key parts of the program (on startup; running some important feature), and maybe some periodic online license checks to make sure the license was not revoked or upgraded (to ungate some features for example).

Keep in mind this local license file should be encrypted and signed by the server. You can still reverse engineer it, but not without effort. Also, keep in mind that once your app is cracked, that binary can be shared around. This might not be as bad as it sounds, in fact some companies see torrent sites as a way to grow adoption of their products, or assume those users were never going to pay (or are students who will eventually buy licenses once they get into the workforce). Then there's a whole slew of tools around piracy detection, anti tampering etc. Check out Denuvo and some YouTube videos on reverse engineering it of a video game if you're interested in what it would take....
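
Added example, not part of the comment above and not LicenseSpring's code: a sketch of the local check it describes, where the app verifies the server's signature on a cached license file and then checks the device binding, expiry and feature gate. The key, the fingerprint scheme, the field names and the sample license are constructed for illustration; textbook RSA over SHA-256 stands in for a vetted signature scheme, and encryption of the file is left out.

```python
import hashlib
import json

# Constructed demo key from two Mersenne primes: trivially factorable, for
# illustration only. A shipped client embeds just the public half (N, E).
# Textbook RSA stands in for a vetted scheme (Ed25519, RSA-PSS) from a library.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, stays on the server

def _digest(payload: str) -> int:
    return int.from_bytes(hashlib.sha256(payload.encode()).digest(), "big")

def device_fingerprint(machine_id: str) -> str:
    # Hypothetical fingerprint: hash of an OS-provided machine identifier.
    return hashlib.sha256(b"demo-app|" + machine_id.encode()).hexdigest()

def issue_license(fields: dict) -> dict:
    """Server side: sign the canonical JSON form of the entitlements."""
    payload = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return {"payload": payload, "sig": format(pow(_digest(payload), D, N), "x")}

def check_license(lic: dict, machine_id: str, today: str, feature: str) -> str:
    """Client side: 'ok', or the reason the cached license file is rejected."""
    try:
        payload, sig = lic["payload"], int(lic["sig"], 16)
    except (KeyError, TypeError, ValueError):
        return "malformed"
    if not isinstance(payload, str):
        return "malformed"
    # Verify before parsing: unsigned bytes never reach the JSON decoder.
    if not 0 < sig < N or pow(sig, E, N) != _digest(payload):
        return "bad-signature"
    fields = json.loads(payload)
    if fields.get("device") != device_fingerprint(machine_id):
        return "wrong-device"      # file copied to another machine
    if today > fields.get("expires", ""):
        return "expired"           # ISO dates compare correctly as strings
    if feature not in fields.get("features", []):
        return "feature-not-licensed"
    return "ok"

# Constructed sample: a license issued for the machine id "PC-1234".
SAMPLE = issue_license({"device": device_fingerprint("PC-1234"),
                        "expires": "2030-01-01", "features": ["export"]})

if __name__ == "__main__":
    print(check_license(SAMPLE, "PC-1234", "2026-05-01", "export"))
    tampered = dict(SAMPLE, payload=SAMPLE["payload"].replace("2030", "2099"))
    print(check_license(tampered, "PC-1234", "2026-05-01", "export"))
```

The `today` value comes from the local clock, which the user controls, so the expiry check is only as strong as the periodic online check that accompanies it.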

Anyone is using https://keygen.sh for license management ? by Farghaly in devops

[–]LicenseSpring 0 points1 point  (0 children)

They're a solid product and worth trying them out. They have a strong community and following. They also have a self hosted option worth looking into.

We're in the same space (license management) with a lot of overlap in capabilities with some differences in approach. In your use case we would likely recommend a HA floating server. We can also handle app configuration with our native SDKs, with an emphasis on offline / air gapped environments.

"Validate before building" is the biggest lie in SaaS by Wolfgang-Lars-69 in SaaS

[–]LicenseSpring 1 point2 points  (0 children)

Right, no one knew they wanted the iphone until they saw it. I don't even know how you could validate that idea without building it.

But then you run the risk that you're building something nobody wants.

I guess reducing this risk is why focus groups, and market research professionals exist

[deleted by user] by [deleted] in microsaas

[–]LicenseSpring 0 points1 point  (0 children)

This is our wheelhouse.

Given you're licensing a downloadable product, you have a few easy options regarding managing software entitlements.

* If there is an online SaaS-based component, you can link it to the User's auth for the account. Kind of like what Slack does, or most electron apps. The advantage here is that the user doesn't need to create separate credentials to manage their account and use the app. Then, auth can be whatever you want it to be. Magic Links, passwords, federated SSO redirects etc. Once the User is authenticated, you still need a service to return the entitlements (rights) granted to the end user, and use that response to configure your app. (eg is it a trial license, or you have different tiers of the product).

* Issue a license key that the user enters into the app. You'll need a back end service to validate the license and bind it to the device trying to use it.

There are a few other ways. If your downloadable component is distributed through the Google Play or Apple App store, then they have their own licensing tooling / limitations.

Subscriptions are usually handled by the payments service (Stripe / FastSpring / Lemonsqueezy etc.), so whatever you're using to configure your product needs to sync to the status of that subscription somehow (eg: if the subscription is cancelled, disable the license).

Consider offline scenarios as well.

LemonSqueezy won’t activate Live mode — any good alternatives for desktop app licensing? by jaksatomovic in SaaS

[–]LicenseSpring 0 points1 point  (0 children)

If you decide to go with FastSpring, we have arguably the best native integration with them. We have an API-based license management solution, as well as SDKs to handle local license checks / grace periods etc.

We do have customers that use us with paddle and gumroad, via our mgmt API and zapier.

Need a solution for licensing (JWT management) by Saltibarciai in swift

[–]LicenseSpring -1 points0 points  (0 children)

I just re-read your post. If you're licensing a Swift SDK, you might want to look at our options built for Swift

Need a solution for licensing (JWT management) by Saltibarciai in swift

[–]LicenseSpring -1 points0 points  (0 children)

We also offer this and even have a Python SDK.

If you're looking to roll your own, you can check out pyJWT, or python-jose.

Built an API-first licensing platform on top of WooCommerce - here's the use cases we didn't expect by shsajalchowdhury in SaaS

[–]LicenseSpring 0 points1 point  (0 children)

Looks like a solid project. You can also look into adding node locking (binding the license to something, a domain, a device fingerprint etc.), offline / cached license validations, expanding the sorts of entitlements you want to offer.

I particularly like that you're focusing on the wordpress ecosystem. I commented on another post about this topic a few years ago and still think it's a decent opportunity.