API Reference

Blackwalnut provides a REST API for managing all aspects of your licensing system. The API follows REST conventions and returns JSON responses.

Base URL

https://your-blackwalnut-instance.com/api/v1

Authentication

Most API endpoints require authentication via Bearer token. You can create API keys from the settings page in your Blackwalnut dashboard.

Secret Keys (sk_*)

Full read/write access. Use for server-side integrations. Never expose in client code.

Public Keys (pk_*)

Read-only access. Safe for client-side use where needed.

Authentication header 
Authorization: Bearer sk_live_your_api_key
Learn more about authentication

Response Format

All responses follow a consistent JSON structure:

Success Response

Single resource 
{
  "data": {
    "id": "app_abc123",
    "name": "My App",
    ...
  }
}

List Response

Collection with pagination 
{
  "data": [...],
  "meta": {
    "total": 150,
    "page": 1,
    "per_page": 20
  }
}

Error Response

Error format 
{
  "error": {
    "code": "validation_error",
    "message": "Email is invalid",
    "details": {
      "email": ["is invalid"]
    }
  }
}

API Endpoints

Apps

Create, read, update, delete applications. Manage RSA keys.

Customers

Manage customers, filter, paginate, and link to external systems.

Licenses

Issue, revoke, extend, and manage license tokens.

Verification

Public endpoints for license verification. No auth required.

OpenAPI Specification

The full API specification is available in OpenAPI 3.0 format. Use it to generate client libraries or explore with Swagger UI.

Download OpenAPI Spec Swagger UI

Rate Limiting

Public endpoints (verification) are rate limited to prevent abuse:

  • Verify endpoint: 100 requests/minute per IP
  • Batch verify: 20 requests/minute per IP

Authenticated endpoints have higher limits based on your plan.

Licenses Authentication