Node-locked Licenses

What is a node-locked license?

Similar to a floating license, a node-locked license is a license that is only allowed to be used on a single device (referred to as a machine). A node-locked license may also be referred to as an "anchored" license. In a node-locked licensing environment, a license is activated on a first come, first served basis. The activated machine may be deactivated to free up the slot for a different machine, but deactivations can be disabled if required.

How do I implement a node-locked license?

To configure a node-locked license model, you will want to create a new Policy resource (or modify an existing Policy), and set a maximum machine limit of 1. You may also wish to set the node-locked Policy to strict, which is further explained below.

Then, within your software, you will want to integrate the following request flow:

Diagram of validating and activating a node-locked license key

  1. Validate the license key along with a fingerprint validation scope
  2. Activate the current machine for the license if not activated
  3. Revalidate the license key after activation (optional)

When you validate the license in step 1, the response data will contain the full license object, including the license's ID, which can be used for any subsequent activation requests. Step 2 will only need to be performed when the following validation code is received:

  • NO_MACHINE: The license has no machine activations

In the case where the node-locked license is already activated on another machine, the validation code will equal FINGERPRINT_SCOPE_MISMATCH. You can either deny use of the license on the unactivated machine, or you can prompt the licensee to deactivate the machine that the license is currently locked to and activate their new machine.

To ensure that every license validation request is scoped to a machine fingerprint, you can configure your Policy to require a fingerprint scope.


Strict vs non-strict

Setting the Policy to strict will require that each node-locked license has exactly 1 machine activation to be considered valid. A non-strict license will not take machine activations into account when validating a license, unless a specific scope is provided during the license validation request. We recommend setting your Policy to strict to ensure that all usage is accounted for.


Concurrent vs non-concurrent

Enabling concurrency on the Policy will allow more machine activations than the maximum machine limit, but the license will become invalid when the activation limit is exceeded. When a concurrent license exceeds its maximum machine limit, subsequent validations requests will respond with a TOO_MANY_MACHINES validation code, until the license deactivates enough machines to return to a valid state.

A non-concurrent license will allow machine activations up to the maximum limit as defined for the license, i.e. 1 for a node-locked license, and an API error will be returned when an activation request attempts to exceed that limit.


Offline capability

By utilizing cryptographically signed license keys and machine activation proofs, you can implement an offline-capable node-locked licensing model. Cryptographic license keys and proofs can be distributed to air-gapped environments in a variety of ways: email, a license file, USB dongle, on-premise license proxy, or through the use of QR codes.


Perpetual LicenseTimed LicenseFloating LicenseNode‑locked LicenseFeature License
Expiration DateNoYesOptionalOptionalOptional
Activation LimitsOptionalOptional> 01Optional
Feature LimitsOptionalOptionalOptionalOptionalYes
Offline SupportYesYesYesYesYes
Learn MoreLearn MoreLearn MoreLearn More