A License Key is a unique identifier generated by Whop for each user who has made a purchase. It acts like a special access code that users can input to gain access to your application.

When to use license keys

License Keys are useful when you want to sell & restrict access to desktop applications. For example, if you’re selling a game, you can use license keys to restrict access to users who have purchased the game.

Creating a License Key

If you haven’t already created your company or made a product to sell, you’ll want to start there.

Once you’ve done that, head to the dashboard to add the license key experience to your product.

A download link is required to add a Software experience. This is the link that will appear in the user’s dashboard to download the software.

Create license key

Getting your API key

For the endpoints below, you’ll need to use your API key. You can find your API key in the dashboard under the Developer tab.

You must keep your API keys safe and secure - if not properly scoped, your API keys can be dangerous if they fall into the wrong hands.

Creating an API key

  1. Head to your Developers settings page
  2. Click New API Key
  3. Set a memorable name for your key.
  4. Copy the API key

We recommend you scope your API key for this use case. For more details, click here

Create API key


Metadata is a way to store information about a license key. The most common use case for this is to store information about the user’s device, HWID. Hardware ID is a unique identifier for a device, and can be used to prevent users from sharing their license keys with others.

The user can reset their metadata anytime by going to their dashboard and clicking the Reset Key button.

How to get a user’s HWID

const machineId = require('node-machine-id');

function generate_hwid() {
    return machineId.machineIdSync();

Validating a License Key

The metadata field in the body is required. If you do not wish to set any metadata, you can pass an empty object.

{ "metadata": {} }
import fetch from "node-fetch";

async function validateLicense(licenseKey, HWID) {
    const url = `https://api.whop.com/api/v2/memberships/${licenseKey}/validate_license`;
    const payload = {
        metadata: {
            HWID: HWID,
    const headers = {
        Accept: "application/json",
        Authorization: `Bearer ${API_KEY}`,
        "Content-Type": "application/json",

    const response = await fetch(url, {
        method: "POST",
        headers: headers,
        body: JSON.stringify(payload),

    return response;


Here are the most common responses from this endpoint.

Status CodeDescription
201The license key is valid and the user can use the product
400The metadata did not match; the user needs to reset their key
404The license key was not found