Mobile apps present unique licensing challenges. The App Store and Play Store have their own purchase systems. Devices go offline. Users switch phones. Side-loading bypasses store protections. Here's how to implement robust license management that works across platforms without fighting the ecosystem.
When to Use API-Based Licensing (vs. Store-Only)
App Store and Play Store in-app purchases handle consumer payments well. But if you build B2B software, developer tools, or enterprise apps, you need more:
| Feature | Store-Only | API-Based (Traffic Orchestrator) |
|---|---|---|
| B2B volume licensing | ❌ | ✅ |
| Cross-platform license | ❌ | ✅ |
| Feature-level gating | Limited | ✅ Full control |
| License transfer between users | ❌ | ✅ |
| Enterprise SSO integration | ❌ | ✅ |
| Offline grace period control | Store-managed | ✅ Custom logic |
| Multi-device limits | Store-managed | ✅ Configurable |
Device Binding
Mobile licenses should bind to devices, not just accounts. Use a device fingerprint that survives app reinstalls:
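```swift
import UIKit

// iOS: use identifierForVendor. It can be nil early after a restart, so treat
// an empty deviceId as "not available yet" and retry instead of binding to it.
// The value is reset if the user removes all apps from this vendor.
let deviceId = UIDevice.current.identifierForVendor?.uuidString ?? ""
```

```kotlin
import android.provider.Settings

// Android: use ANDROID_ID. On Android 8.0+ it is scoped to the app signing key,
// user and device, and it is reset by a factory reset.
val deviceId = Settings.Secure.getString(
    contentResolver, Settings.Secure.ANDROID_ID
)
```

Validate with device binding:

```http
POST /api/v1/validate

{
  "key": "TO-MOB-XXXX-XXXX-XXXX",
  "domain": "com.yourapp.mobile",
  "metadata": {
    "deviceId": "device-uuid-here",
    "platform": "ios",
    "appVersion": "2.1.0"
  }
}
```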
Offline Support: The Critical Path
Mobile apps lose connectivity constantly — elevators, airplanes, rural areas. Your licensing must handle this gracefully:
- Cache on first validation — Store the encrypted license response in the Keychain (iOS) or EncryptedSharedPreferences (Android)
- Set a grace period — 72 hours is reasonable for most B2B apps
- Countdown, don't crash — Show remaining offline time, not an error message
- Re-validate on reconnect — Use Reachability (iOS) or ConnectivityManager (Android) to trigger revalidation
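```swift
import Foundation

// Offline license check (pseudocode: loadCachedLicense() and LicenseStatus are app-defined)
func checkLicense() -> LicenseStatus {
    if let cached = loadCachedLicense() {
        let hoursSinceValidation = Date().timeIntervalSince(cached.validatedAt) / 3600
        // A negative value means the device clock was set back; do not honor it
        if hoursSinceValidation >= 0 && hoursSinceValidation < 72 {
            return .valid(cached) // Still in grace period
        }
        return .expired // Grace period exceeded (or clock rolled back)
    }
    return .notFound // Never validated
}
```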
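An added example (not from the original article or from Traffic Orchestrator's own code) that extends the check above: it returns the remaining offline time for the countdown, rejects a cache copied from another device, and detects clock rollback with a last-seen timestamp. The `CachedLicense` fields, `OfflineStatus` and `evaluate` are assumed names, and the sample values are constructed.

```swift
import Foundation

// Hypothetical cache record; field names are assumptions, not the API's schema.
struct CachedLicense: Codable {
    let key: String
    let deviceId: String   // device the license was validated on
    let validatedAt: Date  // last successful online validation
    var lastSeenAt: Date   // latest clock reading observed while offline
}

enum OfflineStatus {
    case valid(remaining: TimeInterval)  // seconds of offline use left
    case expired                         // grace period exceeded
    case clockTampered                   // device clock moved backwards
    case wrongDevice                     // cache copied from another device
    case notFound                        // never validated
}

let gracePeriod: TimeInterval = 72 * 3600  // 72 hours, as in the article

/// Evaluates the cache and returns the status plus the record to persist
/// back to the Keychain (the high-water mark only moves forward).
func evaluate(_ cached: CachedLicense?, deviceId: String,
              now: Date = Date()) -> (OfflineStatus, CachedLicense?) {
    guard var license = cached else { return (.notFound, nil) }
    guard license.deviceId == deviceId else { return (.wrongDevice, license) }
    // The clock must never read earlier than a value already observed.
    let earliest = max(license.validatedAt, license.lastSeenAt)
    guard now >= earliest else { return (.clockTampered, license) }
    license.lastSeenAt = now
    let remaining = gracePeriod - now.timeIntervalSince(license.validatedAt)
    let status: OfflineStatus = remaining > 0 ? .valid(remaining: remaining) : .expired
    return (status, license)
}

// Constructed sample: a license validated at t0 on device "A1".
let t0 = Date(timeIntervalSince1970: 1_700_000_000)
let record = CachedLicense(key: "TO-MOB-XXXX-XXXX-XXXX", deviceId: "A1",
                           validatedAt: t0, lastSeenAt: t0)
let (atHour70, updated) = evaluate(record, deviceId: "A1", now: t0 + 70 * 3600)
let (afterRollback, _) = evaluate(updated, deviceId: "A1", now: t0 + 10 * 3600)
let (otherDevice, _) = evaluate(updated, deviceId: "B2", now: t0 + 71 * 3600)
let (atHour73, _) = evaluate(updated, deviceId: "A1", now: t0 + 73 * 3600)
print(atHour70, afterRollback, otherDevice, atHour73)
```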
Cross-Platform: One License, All Devices
B2B customers expect one license to work across iOS, Android, and web. Traffic Orchestrator's domain-based licensing makes this straightforward — use your app's bundle ID or package name as the "domain":
- iOS: `com.yourcompany.app`
- Android: `com.yourcompany.app`
- Web: `app.yourcompany.com`
One license key, validated across platforms, with per-device activation tracking.
App Store Compliance
- Apple — If selling to consumers via the App Store, you must use In-App Purchase. But B2B apps distributed via MDM, TestFlight, or enterprise certificates can use external licensing.
- Google — Play Store is more flexible. Side-loaded enterprise apps have no restrictions on external licensing.
- Hybrid approach — Use store purchases for consumer tiers, API-based licensing for enterprise tiers.
Getting Started
Traffic Orchestrator's REST API works seamlessly with mobile apps. Use your bundle ID as the domain, device IDs for binding, and the validation cache for offline support. Create a license in the portal and start validating in under 10 minutes.