License Registration

Endpoints that member clusters (via license-proxyserver) and the console use to validate a license, obtain a fresh license, and generate a proxy-server installer.

All paths on this page are relative to /api/v1 (for example, POST /register is POST /api/v1/register).


POST /register

Register / validate a licensed user against a previously issued license. Used by on-prem / air-gapped deployments; only available when self-registration is permitted for the deployment type.

  • Auth: public — no token required. The request must carry a valid license payload, which is cryptographically verified; a license-validation middleware also gates the request.

Request body (application/json):

{
  "clusterUID": "c122d5e0-8d6b-4025-a2ff-63f5716053b1",
  "features": "kubedb",
  "caCert": "<base64-encoded CA certificate>",
  "license": "<base64-encoded license payload>"
}
FieldTypeRequiredDescription
clusterUIDstringyesUUID of the cluster being registered.
featuresstringyesFeature/product the license covers (empty value is rejected).
caCertstring (base64 bytes)noCA certificate used to verify the license chain.
licensestring (base64 bytes)yesThe license payload to validate.

Response: 200 OK — user registered (no body). Error responses:

StatusMeaning
400Bad request (empty features or unregistered clusterUID).
403Registration not supported for this deployment type.
422Unprocessable entity (invalid request body or license).
500License verification or user creation failed.
curl -X POST https://<akp-host>/api/v1/register \
  -H "Content-Type: application/json" \
  -d '{"clusterUID":"<uid>","features":"kubedb","license":"<base64>"}'

POST /license/issue

Issue a license for the caller’s cluster/product based on the caller’s active contract.

  • Auth: token (Authorization: token <token>, or token/access_token query parameter).

Request body (application/json):

{
  "cluster": "c122d5e0-8d6b-4025-a2ff-63f5716053b1",
  "features": ["kubedb", "kubedb-provisioner"]
}
FieldTypeRequiredDescription
clusterstringnoCluster UUID the license is issued for.
featuresarray of stringnoFeatures to include on the license.

Response: 200 OK — the issued license.

{
  "contract": {
    "id": "42",
    "startTimestamp": "2026-01-01T00:00:00Z",
    "expiryTimestamp": "2027-01-01T00:00:00Z"
  },
  "license": "<base64-encoded license certificate>"
}

contract echoes the contract the license was issued under; license is the license certificate bytes (base64-encoded in JSON). Error responses:

StatusMeaning
401Unauthorized.
403Forbidden (contract quota exceeded).
405Contract invalid (revoked or expired).
422Unprocessable entity (invalid request body).
500Internal server error.
curl -X POST -H "Authorization: token $AKP_TOKEN" \
  -H "Content-Type: application/json" \
  https://<akp-host>/api/v1/license/issue \
  -d '{"cluster":"<uid>","features":["kubedb"]}'

POST /user/license-proxy

Generate a license-proxyserver installer script for the resolved organization. When clusterID / contractIDs are supplied an offline installer is generated; otherwise an online installer.

  • Auth: token plus dynamic authorization on the organization. AppsCode-hosted only.

Query parameters:

NameTypeRequiredDescription
orgstringnoOwner (organization) context. Defaults to the caller.

Request body (application/json):

{
  "clusterID": "c122d5e0-8d6b-4025-a2ff-63f5716053b1",
  "contractIDs": [42, 43]
}
FieldTypeRequiredDescription
clusterIDstringnoCluster UUID; presence selects the offline installer.
contractIDsarray of int64noContract IDs to bake into the offline installer.

Response: 200 OK — a dynamic JSON object (map[string]any) containing the generated YAML / Helm 3 installer scripts (free-form object; keys depend on the installer flavor). Error responses: 401 Unauthorized, 403 Forbidden, 422 Unprocessable entity, 500 Internal server error.