Licensing
Get a license key from Octet, put it in your edge, and Octet verifies it on every forward — plus a separate partner key your backend uses to read verdicts.
The two credentials
Two credentials, both issued by Octet, gate the two channels that reach Octet:
| Credential | Used by | How it's sent | Gates |
|---|---|---|---|
| License key | The edge | LICENSE env → x-octet-license header | The edge → Octet signal channel. |
| Partner key | Your backend | x-octet-partner-key header | The backend → Octet verdict-fetch channel. |
Keep both secret and out of any browser-delivered code — neither ever belongs in the page. The license key is a single per-deployment credential: it authorises your edge, not individual users or browsers, so there is no per-user activation step. The partner key is issued to you by Octet — see What Octet Provides.
Getting a license key
Request a browser license key at sdk.octetproof.com/signup/interest — the browser SDK's own signup.
This signup, and the keys it issues, are for the browser SDK — a separate flow from the mobile SDK's. The keys are not interchangeable: a browser key is scoped to the browser product, so a mobile SDK key won't be accepted here (and a browser key won't work in the mobile SDK). If you use both, keep the two keys distinct.
The key is a PASETO v4.public token shaped like octet_live_v4.public.… (or octet_test_… against staging). Put it in your edge's LICENSE environment variable — that's all that's required on your side:
LICENSE=octet_live_v4.public.… ./octet-edge-linux-amd64
See Deploy the Edge for the full edge setup.
How it's verified
Octet verifies the license key server-side, on every forward from your edge — there is nothing for you to wire up. A key is accepted only if it:
- carries a valid signature from Octet,
- is issued for the browser product,
- is within its validity window, and
- has not been revoked.
If a key fails any of these — expired, revoked, malformed, or for the wrong product — Octet rejects the forward and no verdict is produced for that session (see Troubleshooting). Request a fresh key before yours expires; if a key is ever compromised, Octet can revoke it and the revocation takes effect promptly.
How keys are formatted, signed, and validated is internal to Octet — you simply obtain a key and set it. The checklist above is informational, so you know why a key might be rejected.
Where to go next
- What Octet Provides. The full list of what Octet issues you.
- Deploy the Edge · Fetch the Verdict.
- Troubleshooting. What to do when a key is rejected.