Skip to main content
The Devolens (formerly Cryptolens) Web API is the HTTPS interface that applications, backend services, and third-party systems use to work with licensing data. It is used for license verification, key creation, activation management, customer access, usage data, and automation. For most client applications, we recommend using one of the client SDKs. The SDKs call the Web API for you and include helpers for common licensing tasks. You can also call the Web API directly when you need a custom backend integration, an unsupported programming language, or a workflow that is not covered by an SDK.

How it fits

At a high level, the Web API is the integration layer between your systems and Devolens: 
Your application or client SDK
Your backend, CRM, payment provider, or admin portal
Enterprise components such as a license server or reverse proxy
        |
        v
Devolens Web API
        |
        v
License keys, customers, activations, features, and usage data
This makes the Web API useful both for simple license checks inside an application and for larger SME or enterprise workflows where licensing is connected to sales, billing, customer administration, support, or internal tools.

Common use cases

You can use the Web API to:
  • Activate and verify license keys.
  • Create, extend, block, or update license keys from your backend.
  • Assign license keys to customers and retrieve licenses linked to a customer.
  • Manage activated machines, user seats, floating seats, or other activation identifiers.
  • Store and update license metadata, such as feature configuration or usage counters.
  • Integrate Devolens with payment providers, CRM systems, provisioning workflows, or internal admin portals.
  • Support platforms where no official client SDK is available.

SDKs vs direct API calls

ApproachBest forNotes
Client SDKsIn-app license verification and standard activation flows.SDKs wrap common Web API methods and usually include helpers for machine codes, signed responses, and license checks.
Direct Web API callsBackend automation, payment flows, customer systems, unsupported languages, and advanced integrations.Your application sends normal HTTPS requests to Devolens and handles the response directly.
License server or reverse proxyEnterprise environments with strict networking, offline needs, or customer-specific domains/IP addresses.These options can route or cache licensing traffic while keeping the same licensing model.

Security basics

Access to the Web API is controlled with access tokens. Create separate tokens for different workflows and give each token only the permissions it needs. For example, a token used by a backend payment workflow may need permission to create or update license keys. A token distributed inside a desktop or mobile application should be much more limited. Do not place admin or key-generation tokens in client-side applications. For license verification, use signed responses where supported and verify the response with your RSA public key. Your application should also check the license properties that matter for your product, such as product ID, expiry date, blocked status, features, and machine-binding or activation rules.

Direct request example

If you are using an unsupported language or building a custom integration, you can call the Web API directly. For example, this request retrieves information about a license key: 
https://app.cryptolens.io/api/key/GetKey?token={access-token}&ProductId=1234&Key=MUYVD-LSEBY-CXHRQ-XFAGY&Sign=True
The exact parameters depend on the method you call. See the Web API reference for endpoint-specific request and response details.

Enterprise deployment options

Most applications can call Devolens directly through the client SDKs or the Web API. Some enterprise customers have additional network or compliance requirements. In those cases, you can also use:
  • Reverse proxy, if requests need to go through your own domain or IP address.
  • License server, if customer machines have limited internet access or need a local licensing gateway.
  • Backend-only API calls, if license provisioning, billing, or customer administration should be isolated from client applications.

Next steps