Ngabantu Enterprise License Manager Backend
Technical Detail
In-depth documentation for the Ngabantu Enterprise License Manager Backend – covering core features, security, configuration, endpoints, and deployment.
This page is aimed at technical teams integrating the License Manager Backend into their infrastructure and CI/CD pipelines.
Architecture, security, configuration & APIs.
A complete licensing backend you can ship today.
The Enterprise License Manager Backend is a hardened Node.js/Express service that runs your full licensing journey: checkout → payment verification → license generation → email fulfilment → activations/validations → admin analytics. It’s designed for Flutter plugin authors, mobile SDK teams, and businesses that want to monetize premium features without building the entire platform from scratch.
- AES-256-GCM encrypted license payloads with tamper protection.
- Modular payments (multiple processors) with server-side price validation.
- Admin dashboard for transactions, customers, licenses, webhooks, and errors.
- Offline grace support (e.g., 14-day offline tolerance) for field apps.
From purchase to activation in one flow.
You can embed the hosted checkout, or call the backend from your own storefront. Once payment is confirmed, the backend generates a license key, stores metadata, and delivers it via SMTP. Your Flutter plugin/app validates the key against your rules (tier, product scope, device binding), with support for both online and offline validation strategies.
Buyer selects product + tier. Backend verifies amount/currency server-side to prevent underpayment.
Webhooks and verification endpoints confirm payment status before fulfilment.
License key generated, stored, and emailed automatically (with resend support in admin).
Device binding (when required) links a license to a hardware/device identifier.
Validate tier limits, product scope, and expiry rules. Supports offline grace windows for resilience.
Monitor revenue, activations, webhooks, and errors from a single admin dashboard.
v2.0 hardening defaults that reduce risk.
The backend is built with a security-first posture: strong cryptography for license data, hardened HTTP headers, strict CORS, rate-limited endpoints, and safer comparisons around sensitive values. This helps protect revenue and reduces common operational failures (spoofed payments, replayed keys, brute force).
- AES-256-GCM encrypted license payloads
- Derived keys (PBKDF2) and integrity protection
- Timing-safe comparisons for secrets
- Helmet security headers
- Strict CORS configuration
- Rate limiting on auth/payment/webhook routes
- Request IDs + structured logs
- Webhook logs for processors
- Error visibility in admin dashboard
Modular processors, one licensing source of truth.
Payments are handled via a modular integration layer so you can start with the defaults and extend later. The backend verifies payments before issuing licenses and records transactions for reporting.
- Server-side amount and currency validation (anti-tamper).
- Webhook handling and verification steps before fulfilment.
- Transaction history + exports for reconciliation.
Single, Multi, Enterprise — with enforceable limits.
Tiers are designed to match how teams actually ship software: one product, a small portfolio, or a full suite. Limits are enforced by the backend and reflected in the admin dashboard.
- Best for 1 product/app
- Device binding supported
- Fast setup for solo/studio teams
- Designed for small portfolios
- Centralized customers + licenses
- Stronger reporting workflows
- Large product suites and teams
- Priority onboarding + support
- Hardened deployment workflow
Run it locally, on a VPS, or behind your existing stack.
Deploy as a standalone service or alongside your existing infrastructure. Typical production setups use Nginx as a reverse proxy, a process manager (PM2/systemd), and a managed database. The backend supports lightweight local setups and scalable production environments.
- SQLite for fast evaluation and self-contained demos.
- MySQL/PostgreSQL/MSSQL for production environments.
- SMTP configuration for fulfilment email delivery.
Key endpoints for storefronts, plugins, and ops.
Your storefront typically uses the payment + fulfilment endpoints, while your plugin/app uses activation and validation. Admin endpoints power the dashboard and internal workflows.
- Create / verify payments
- Webhook processing
- Fulfilment triggers
- Activate / bind device
- Validate licenses
- Offline grace support
- Transactions & customers
- Licenses (search, resend, revoke)
- Logs (webhooks & errors)
Integration help when you need it.
Need help integrating checkout, deploying securely, or wiring validation into your Flutter plugin/app? Use the support links on the right to reach the helpdesk.