$ features

What AuthForge actually does.

AuthForge is a licensing platform for desktop software. The features below are the load-bearing pieces of that: the parts that prevent abuse, the parts that automate your sales workflow, and the parts that let your customers self-serve. Each linked deep-dive includes code samples and configuration walkthroughs.

Hardware locking (HWID)

Bind every license to a specific machine, with configurable seat counts, shared (unlimited-seat) keys, identity-based binding (Telegram/Discord), manual or self-service reset, and a complete audit trail.

read more →

Ed25519-signed validation

Validation and heartbeat responses are cryptographically signed by AuthForge and verified locally by your SDK. Per-request nonces stop replay; a multi-key trust list lets you rotate signing keys with zero downtime. Network attackers can't forge or replay positive responses.

read more →

Customer portal

A hosted, branded portal at portal.authforge.cc. Customers sign in with a magic email code and self-serve HWID resets under a policy you set — sliding-window caps, cooldowns, and auto-vs-manual approval — so they never email support to move to a new machine.

read more →

Developer API

A REST API at api.authforge.cc that mirrors the dashboard: create, list, update, and revoke licenses, apps, and webhooks server-to-server. Bearer keys carry scoped permissions, are rate-limited, and don't consume validation credits.

read more →

Webhooks for license events

Real-time HTTP callbacks for every license lifecycle event. Signed payloads, SSRF-hardened delivery URLs, test delivery, and a replay UI for failed events.

read more →

Commerce automation

Drop-in Stripe and Lemon Squeezy integrations for automated license fulfillment. Provider webhook verification, envelope-encrypted credentials, and replay tooling.

read more →

Affiliate program

Issue referral codes with a configurable commission percentage. Commissions accrue on purchases and auto-refills, with credit or manual payout modes and optional affiliate webhooks.

read more →

Account security (MFA & roles)

Operator accounts support TOTP multi-factor auth. Sensitive admin mutations are MFA-gated, and platform access is governed by user / support / admin roles.

read more →

Platform security primitives

Ed25519 signing keys are generated server-side and stored KMS-encrypted at rest. Nonce anti-replay, SSRF-hardened webhook URLs, envelope-encrypted commerce credentials, and per-tenant data isolation back the whole platform.

read more →

Usage-based economics

Unlimited apps, licenses, and devices. You pay per validation — no per-seat, per-product, or per-license fees. One credit balance covers everything you ship.

read more →

Looking for something else?

The full developer documentation lives at docs.authforge.cc , including REST API reference, webhook event schemas, and the full integration guides for each language SDK. The SDK index lists install commands, repos, and the two integration patterns we support.