Apps API
Create and manage applications. Each app has its own RSA key pair for signing licenses.
GET
/api/v1/apps List all applications for the authenticated user.
Response
{
"data": [
{
"id": "app_abc123",
"name": "Desktop App",
"slug": "desktop-app",
"description": "My desktop application",
"public_key_pem": "-----BEGIN PUBLIC KEY-----\n...",
"created_at": "2026-01-23T10:00:00Z"
}
]
} POST
/api/v1/apps Create a new application. RSA keys are auto-generated.
Request Body
| Field | Type | Required | Description |
|---|---|---|---|
name | string | Yes | Display name |
slug | string | Yes | URL-safe identifier |
description | string | No | Optional description |
webhook_url | string | No | Webhook URL for events |
Example
$ curl -X POST /api/v1/apps \
-H "Authorization: Bearer sk_live_..." \
-H "Content-Type: application/json" \
-d '{
"name": "My App",
"slug": "my-app"
}' GET
/api/v1/apps/:slug Get a single application by slug.
PUT
/api/v1/apps/:slug Update application metadata. Cannot modify RSA keys through this endpoint.
DELETE
/api/v1/apps/:slug Delete an application. Cascades to all tiers, features, customers, and licenses.
Warning: This action is irreversible. All associated data will be permanently deleted.
POST
/api/v1/apps/:slug/rotate-keys Generate new RSA key pair and re-sign all active licenses.
Response
{
"data": {
"message": "Keys rotated successfully",
"licenses_resigned": 42,
"public_key_pem": "-----BEGIN PUBLIC KEY-----\n..."
}
} GET
/api/v1/apps/:slug/public-key Public Get the app's RSA public key. No authentication required.
Returns application/x-pem-file content type.
Tiers
GET
/api/v1/apps/:slug/tiers POST
/api/v1/apps/:slug/tiers PUT
/api/v1/apps/:slug/tiers/:id DELETE
/api/v1/apps/:slug/tiers/:id Features
GET
/api/v1/apps/:slug/features POST
/api/v1/apps/:slug/features PUT
/api/v1/apps/:slug/features/:id DELETE
/api/v1/apps/:slug/features/:id