How license keys are assigned and validated
Learn what makes a license key valid and why product, order, and refund state all matter.
License keys are not just strings in a list. In Zwely, a buyer-valid key is tied to a product, assigned through checkout, and connected to an order that still counts as active.
That structure lets your software ask a useful question: does this key really belong to this product, and is the purchase still valid?
What makes a key valid
Keys belong to products
A license key is valid only for the product it was assigned from. This prevents a key from one product unlocking another product accidentally.
Checkout activates the key
A key becomes buyer-valid after checkout assigns it to a customer and order. Unassigned keys sitting in your inventory are available, but they are not valid for a buyer yet.
Refunds and failed orders matter
Refunded, failed, or inactive orders do not return valid license responses. This keeps validation aligned with active purchases and helps protect software access after refunds.
Email checks are optional
Your app can include customer_email when you want a stricter check. That is useful when you want the key and buyer email to match before activating software.
Client-safe validation avoids unnecessary data
Product-scoped validation tokens return only the non-sensitive fields needed by shipped software. Richer customer and order details are available only through server-side account API keys.
Good to know
- Client-safe validation responses avoid customer PII and order financial details.