License Management
Verbatim Enterprise uses HS256-signed JWTs as license keys. The license is validated at two points: during image pull (via the auth worker) and at runtime (via LicenseMiddleware).
License Format
A license JWT contains these claims:
| Claim | Type | Description |
|---|---|---|
org_name | string | Organization name |
seat_count | number | Maximum number of users |
expires_at | ISO 8601 | License expiration date |
features | string | Feature set (e.g. "all") |
license_id | UUID | Unique license identifier |
issued_at | ISO 8601 | When the license was created |
Checking License Status
curl http://localhost/api/license/statusReturns the current license status, organization, seat count, and expiry.
Expiration & Grace Period
When a license expires, the system enters a 14-day grace period:
- During grace period: Read-only access. GET requests work, but POST/PUT/DELETE return 402.
- After grace period: All API requests return 403.
Contact your account representative to renew. After receiving a new JWT, update VERBATIM_LICENSE_KEY in your .env and restart:
docker compose -f docker-compose.prod.yml restart backendSecurity Model
License validation is double-gated:
- Pull gate: The auth worker validates your license before providing the GHCR token needed to pull images.
- Runtime gate: The LicenseMiddleware in the backend validates the license JWT on every request, checking both signature and expiry.
The signing secret (VERBATIM_SECRET_KEY) must match the secret used when the license was generated.