tencent cloud

Integrating License
Download PDF
Last updated: 2025-04-23 15:51:46
Integrating License
Last updated: 2025-04-23 15:51:46
Download PDF
For software installed via Cloud App, Cloud App will issue a License. Within the software process, the License can be read and verified.

What Are the Functions of a License?

A License is a permit for software end users. The authorization content includes:
Usage period: If the software expires, the software process can deny service or provide downgrade service.
Specifications: Software can run based on authorized specifications, such as limiting the number of concurrencies and the number of users.

Integrating Cloud App License: What Are the Advantages?

Smooth: Licenses are automatically issued upon placing an order without waiting.
flexible: Support needs such as renewal and specification adjustment.
Trustworthy: Issued by Tencent Cloud official, associated with a License bound to a role-based instance, difficult to forge and copy.

License Transaction and Delivery




Service providers need to define specifications for products corresponding to application packages. The defined specifications will be confirmed when users make purchases and serve as the specifications of the License.
The License is issued according to the software specifications purchased by the customer. The issued License contains the following information:
associated software package
associated software instance
authorized specification information
Authorization mode (permanent/subscription)
authorization status (valid/expired/invalid)
Issue time Activation time Expiration time Expiration time

Verify License

The application image of the service provider can verify the License through the TencentCloud API. The process is as follows.



To verify the software License, the core steps are:
Retrieve installation parameters cloudapp_cam_role, use CAM role to apply for temporary keys, and make an API call to the cloud API. See the document for details on calling the cloud API.
Call the cloudapp.VerifyLicense API to retrieve the license information associated with the current process.
Verify the License status of the software process as needed, or perform feature control based on specifications.
The License information is shown as follows:
{
    "Response": {
        "RequestId": "9026a0fe-992e-4015-a5d5-95a322333853",
        "License": {
            "ActivationDate": "2024-12-10T09:46:58+08:00",
            "AuthorizedCloudappId": "cloudapp-2gwvcfb1",
            "AuthorizedCloudappRoleId": "0",
            "AuthorizedSpecification": [
                {
                    "ParamKey": "version",
                    "ParamKeyName": "Version"
                    "ParamValue": "basic",
                    "ParamValueName": "basic version"
                },
                {
                    "ParamKey": "scale",
                    "ParamKeyName": "Specification"
                    "ParamValue": "single",
                    "ParamValueName": "single thread"
                }
            ],
            "AuthorizedUserUin": "100000888888",
            "BillingMode": 1,
            "ExpirationDate": "2025-01-10T09:46:58+08:00",
            "IssueDate": "2024-12-10T09:46:46+08:00",
            "LicenseId": "100000888888:pkg-la39nlb7:cloudapp-2gwvcfb1:6006",
            "LicenseMode": "Subscription",
            "LicenseStatus": "Active",
            "LicenseType": "Standard",
            "LifeSpan": 1,
            "LifeSpanUnit": "M",
            "ProviderId": 100000099,
            "SoftwarePackageId": "pkg-la39nlb7"
        },
        "Signature": "T2mbjUr8Q8I0nekShP7WJs7MvUq8Ovv0lrWkn5PEIPVlFYWpaRJOWBviQstCUaotFE89QQdbDEDaP9XVXtPfFt47Zp/BN+qaajTNdUN/HL8IAsC15OsDjGtXgdezPcRwDNx0SfaWBmBeJuB2xgFxvF7/tKcWKEltAf+tE4/SPMcIFDQPOqQD1gpdC0HM3nSL92uP+yN6jCRGbTSZXN8L5RAC64f9XfSuFIIhDGQpKbXDalmrxxUHMRG6Qcs5TtQw7vdQvpwRY1NeRWC49g97ZZaboveK0skG1ym3wfk0Z8slkEzlVWbLmYe4VjJpdMpQv29XPrCUHc3tPJ4beb9FiJ1N4kzUflmr6bo75zRm4XSs8NIjN/jONPArt+6dTua9MITNtqP4nqKtwS6lw3GBZeTljb+wz5FlV1tKYoYMaBJSZyAu27mT7nwt1HJ34XLOw/yvgeGmqNDe6kAqxJ9tg/kEmw6TZP8UiKeWITsRCYXkdsyfeCnacVyiWFcsonOJoG4+wujnjroXEMgymw/CiddQD13PH4sLscpqgxlvXntVf2ljYP0ryFnO/bcq5I3L6FIVtOhpb6yjdWAl1A5FO9KG7jNT9aD11f38G7t1A4PIi2OdBQpcOLfYO3fqoimbAqiWVy8ww9N63ejnN+7ioJ/km2zBrAejFRv7Qes+p6c=",
        "Timestamp": "2025-01-09T10:28:57+08:00"
    }
}
Fields that need attention here:
LicenseStatus: Authorization status. If it is Active, it indicates that the authorization is valid; if it is Deactive, it indicates that the authorization has expired. The service provider should use the LicenseStatus field to determine whether the authorization is valid.
AuthorizedSpecification: Authorized specification. A software process can control software behavior based on this specification.
LicenseMode: Authorization mode, subscription or permanent buyout.
Signature: Signature for the Response.License structure. For scenarios with high security requirements for the License, signature verification can be performed (see License Signature Verification Method for specific practices) to ensure that the returned License information hasn't been intercepted and tampered with by a man-in-the-middle.
The timing of verifying the License can be autonomously determined by the software process. Common ways include:
Scheduled verification, such as once a day or once an hour.
Verify as needed, for example, when calling product features that require License verification.

Development Debugging of License

Add the specs specification configuration in the package.yaml of the application package in the following format. Then you can select specification information and authorization mode to create a License when installing the development edition of the application.
# <package.yaml>
# Declare application package specifications
specs:
  - key: version
    name: Version
    enum:
      - value: standard
        name: standard version
      - value: advanced
        name: advanced edition
      - value: enterprise
        name: Enterprise Edition
  - key: cluster_mode
    name: cluster mode
    enum:
      - value: single
        name: Single Cluster
      - value: double
        name: Dual Cluster
      - value: triple
        name: Three Clusters

Verify License Signature

The signature is implemented using the RSA-PSS-SHA256 algorithm. Please use the following public key for signature verification:
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA5EQJv0v0f1hrB7NIGwXi
hFmw+ugrJi7gnmOqaiYp7oFrzf4RSJ3DPr4K01F+CrjTdCPghDLq4fsKVxxHAjNj
nbstbVlHZEVOfzQ4umeocJpxWFuyKyGwHv+obnEZ/4689fxVpTbG3IbUTGn1TRJs
9s3xM8nFd6LLAoh1Hhrdf2D4mLRToLvtRVat1l8fH3gsM+RoG4L4h+3hghn4bpyA
na2MBFDzvmBeVGUVzqRjSvUaexd+Bo1wTsllAdqjP6MTlAAWGmIAMStBSRS+YpRQ
xjhE9Rdb9zTE54q3Ui7UJg5BMe+R3kVrBINbnT6Va8/Lzjg4+THdpMTLr6fY6ObF
7r+i/924XgxqQOFvGaFJSyjXTORnK42T5YRr5TSqxr9CzhybPcdRvws2GdAq9f55
8whj1DYcgg0X8kR06Iu+/9Mk/CqssdrZ8LYDwSkDI8S/RwpdNQfifUa8wyY0R2xN
nY+bnkrjvGPz7Rokr0Ki9/orT9i4yQWA1mMCDi2vcP+oXqrEs7XAyH85gDSzuTp+
dXbTYPZpIAK6Kejwssw1IE1lGNP4PNQZk9EXU7+vB1csz4GUao7Mr7F5VbrGKvTs
aGxbIc6b0MDWMEFA7L/CWC9UtReWCk1MYwJzy105bWU/VBpYJPmyZTFRQaY2MEH4
fnsK2+jtZ1IYIQw/YsHU6CcCAwEAAQ==
-----END PUBLIC KEY-----
Signature verification involves the following two fields:
Response.Signature: The signature is generated by first compressing the Response.License JSON structure to remove line breaks and then performing an RSA-PSS-SHA256 signature.
Response.License: The signed JSON structure. During verification, ensure that the structure is JSON data compressed and with line breaks removed.
Example code for signature verification is currently available in the following Golang version. Examples in other languages will be provided subsequently.
Go Lang
// VerifySignWithSha256RSA verifies the signature using an RSA public key
// @Param   publicKey PKIX RSA public key in PEM format
// @Param   signature base64 encoded signature
// @Param   message Content to be verified by signature
// @Return  error Return nil if signature verification passes, otherwise return error
func VerifySignWithSha256RSA(publicKey string, signature string, message []byte) error {
    // Parse public key
    publicKeyBlock, _ := pem.Decode([]byte(publicKey)) // Read PEM format public key
    // Decode PKIX format RSA public key
    rsaPublicKeyPKIX, err := x509.ParsePKIXPublicKey(publicKeyBlock.Bytes)
    if err != nil {
       return err
    }
    rsaPublicKey, ok := rsaPublicKeyPKIX.(*rsa.PublicKey)
    if !ok {
       return fmt.Errorf("public key is not rsa public key")
    }
    // Calculate the SHA-256 hash of the message
    hash := sha256.New()
    hash.Write(message)
    hashedMessage := hash.Sum(nil)
    // Obtain signature
    signatureFromBase64, err := base64.StdEncoding.DecodeString(signature)
    if err != nil {
       return err
    }
    // Verify signature with public key
    return rsa.VerifyPSS(rsaPublicKey, crypto.SHA256, hashedMessage, signatureFromBase64, nil)
}

// Usage example
const publicKeyPkix = "-----BEGIN PUBLIC KEY-----\\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvIPknZUDTxI8ep3wDFsN\\nC2vF1sTUfF8f6pnjSduwtIc5yUYV/1hONRe4DwWRiXQPrDRTjlDridNRfglmktoe\\ngUewNKfluGlxuTrUV35BBSGXdFTWJNg8/9j5zpsQS69mjwlh0wO8RxL0N9JatyHD\\nHZBg9psp4RGj57wxEdyANv5IUvPQ0MUwuZ64UATl/0VI5eRM1FCJI5rE9kC+eJyH\\n+c/63SNqBoSjG2kmXUb4nN8DPoDs90oA0wS2Yq1kr83kPAaFpcCIvnNKbXCK/hbY\\nJymt92Tcd8/viCxcEd88hacfzavWkyiLPl0W7Golnn2N9ZIyPwUb3a52yC4HiS5h\\n4XQSogiFluMQ+OIm4YwoaGgTILoU/Ip03LX7AILNI/Fcx9oGsLv2v4Lj01bStdJj\\n7EaCeitIw3SVyjlNAaoBTLzee0opBgVHGf8AnCzzf6qe7a0ics+pJbJi8+SGN6CF\\nOBZxeQxqu7ZE9c6y05ZYQEh0e5V/5KlIZMG0FtmyMY1Q1l2CHjVJz4xzG8t8asqZ\\njg7uVpsnQhOxrbz68cAnw9X/9297K62VnECa8z9/3kSfY0SWd+lmc5HpFRzRJPt8\\nDLjFR/r/turTJ+HnvUe1aJzD2oa8D8Y09T6gQWmAlmqLOnt7aSPm/zN3rVt/6CPY\\n6EKSQMgJ7oOgKg4FybkNELcCAwEAAQ==\\n-----END PUBLIC KEY-----"

func TestVerifySignWithSha256RSA(t *testing.T) {
    type args struct {
       publicKey string
       signature string
       message   []byte
    }
    tests := []struct {
       name    string
       args    args
       wantErr bool
    }{
       {
          name:    "Verify signature"
          wantErr: false,
          args: args{
             publicKey: publicKeyPkix,
             signature: "T2mbjUr8Q8I0nekShP7WJs7MvUq8Ovv0lrWkn5PEIPVlFYWpaRJOWBviQstCUaotFE89QQdbDEDaP9XVXtPfFt47Zp/BN+qaajTNdUN/HL8IAsC15OsDjGtXgdezPcRwDNx0SfaWBmBeJuB2xgFxvF7/tKcWKEltAf+tE4/SPMcIFDQPOqQD1gpdC0HM3nSL92uP+yN6jCRGbTSZXN8L5RAC64f9XfSuFIIhDGQpKbXDalmrxxUHMRG6Qcs5TtQw7vdQvpwRY1NeRWC49g97ZZaboveK0skG1ym3wfk0Z8slkEzlVWbLmYe4VjJpdMpQv29XPrCUHc3tPJ4beb9FiJ1N4kzUflmr6bo75zRm4XSs8NIjN/jONPArt+6dTua9MITNtqP4nqKtwS6lw3GBZeTljb+wz5FlV1tKYoYMaBJSZyAu27mT7nwt1HJ34XLOw/yvgeGmqNDe6kAqxJ9tg/kEmw6TZP8UiKeWITsRCYXkdsyfeCnacVyiWFcsonOJoG4+wujnjroXEMgymw/CiddQD13PH4sLscpqgxlvXntVf2ljYP0ryFnO/bcq5I3L6FIVtOhpb6yjdWAl1A5FO9KG7jNT9aD11f38G7t1A4PIi2OdBQpcOLfYO3fqoimbAqiWVy8ww9N63ejnN+7ioJ/km2zBrAejFRv7Qes+p6c=",
             message:   []byte("{\\"ActivationDate\\":\\"2024-12-10T09:46:58+08:00\\",\\"AuthorizedCloudappId\\":\\"cloudapp-2gwvcfb1\\",\\"AuthorizedCloudappRoleId\\":\\"0\\",\\"AuthorizedSpecification\\":[{\\"ParamKey\\":\\"version\\",\\"ParamKeyName\\":\\"Version\\",\\"ParamValue\\":\\"basic\\",\\"ParamValueName\\":\\"Basic Version\\"},{\\"ParamKey\\":\\"scale\\",\\"ParamKeyName\\":\\"Specification\\",\\"ParamValue\\":\\"single\\",\\"ParamValueName\\":\\"Single Thread\\"}],\\"AuthorizedUserUin\\":\\"100000888888\\",\\"BillingMode\\":1,\\"ExpirationDate\\":\\"2025-01-10T09:46:58+08:00\\",\\"IssueDate\\":\\"2024-12-10T09:46:46+08:00\\",\\"LicenseId\\":\\"100000888888:pkg-la39nlb7:cloudapp-2gwvcfb1:6006\\",\\"LicenseMode\\":\\"Subscription\\",\\"LicenseStatus\\":\\"Active\\",\\"LicenseType\\":\\"Standard\\",\\"LifeSpan\\":1,\\"LifeSpanUnit\\":\\"M\\",\\"ProviderId\\":100000099,\\"SoftwarePackageId\\":\\"pkg-la39nlb7\\"}")
          },
       },
    }
    for _, tt := range tests {
       t.Run(tt.name, func(t *testing.T) {
          if err := VerifySignWithSha256RSA(tt.args.publicKey, tt.args.signature, tt.args.message); (err != nil) != tt.wantErr {
             t.Errorf("VerifySignWithSha256RSA() error = %v, wantErr %v", err, tt.wantErr)
          }
       })
    }
}

Common Issues About License

Is Integration of the License Required? Is It Possible to Generate and Verify the License by Oneself?

It is required. After integration, the software billing of users can be well integrated with authorization online. For example:
Free trial to paid conversion is merely a License update. Users do not need to update the instance and can retain data.
Renewal scenarios will automatically refresh the License, and there is no need to go to the service provider for offline updates.
In scaling scenarios, the License will also be automatically refreshed, and the instance does not need to be replaced.
If the software itself is free software and no need for verification of software authorization, then there is no need to pay attention to the access of the License.

Can the Service Provider Perceive the Issuance of the License?

Temporarily unable to perceive.

How to Store the Public Key for Signature Verification?

The public key is used to verify the signature of the License information to ensure that the License information in VerifyLicense is issued by Tencent Cloud and has not been tampered with by a man-in-the-middle. When verifying the License signature, the supplier should ensure that the loaded public key is the one provided in the Verify License Signature method; otherwise, it may lead to the License information being attacked and tampered with by a man-in-the-middle. Therefore, the public key should not be exposed in configuration files that are easily modified or other similar independent configurations. If it needs to be saved offline in the software client, at least the public key configuration should be ensured in the client executable file that has been obfuscated or hardened.
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No

Feedback