Introduction Composer Setup GitHub App License Checker

License Checker

You can validate a user's Onsynk license programmatically inside your distributed package, ensuring only licensed users can use your code.

How It Works

When a user installs your package, they receive an access token from your Onsynk organization. Your package can call the Onsynk API to verify that token is still valid before allowing execution.

Middleware Approach

The simplest integration is a Laravel middleware:

<?php

namespace YourVendor\YourPackage\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Http;

class ValidateLicense
{
    public function handle(Request $request, Closure $next)
    {
        $token = config('your-package.license_token');
        $registry = config('your-package.registry_url');

        $response = Http::withToken($token)
            ->get("{$registry}/p2/your-vendor/your-package.json");

        if ($response->failed()) {
            abort(403, 'Invalid or expired license.');
        }

        return $next($request);
    }
}

Configuration

Publish your package config and ask users to add their token:

// config/your-package.php
return [
    'license_token' => env('YOUR_PACKAGE_LICENSE_TOKEN'),
    'registry_url'  => env('YOUR_PACKAGE_REGISTRY_URL', 'https://acme.onsynk.com'),
];

YOUR_PACKAGE_LICENSE_TOKEN=their-token-here
YOUR_PACKAGE_REGISTRY_URL=https://acme.onsynk.com

Caching Validation Results

To avoid hitting the API on every request, cache the result:

$valid = cache()->remember('license_valid', now()->addHour(), function () use ($token, $registry) {
    return Http::withToken($token)
        ->get("{$registry}/p2/vendor/package.json")
        ->successful();
});

if (!$valid) {
    abort(403, 'License check failed.');
}

Best Practices

  • Cache validation results for 1 hour to avoid rate limiting
  • Show a clear error message when the license is invalid
  • Do not hard-fail on network timeouts — fall back gracefully
GitHub App