You've built a React component library, a UI kit, or a frontend SaaS product — and you want to monetize it. The challenge: JavaScript runs in the browser, where anyone can inspect, copy, or bypass your licensing logic. Here's how to implement practical, effective license protection for React apps.
The Frontend Licensing Challenge
Frontend licensing is fundamentally different from backend licensing. Your code is visible, your validation logic is inspectable, and there's no server-side secret keeping. Accept this reality and design accordingly:
- Client-side checks are speed bumps, not walls — They prevent casual unauthorized sharing, not determined attackers
- Server-side validation is the source of truth — Always validate against a trusted API
- Obfuscation helps but doesn't solve — Use it as a layer, not the strategy
Architecture: License Provider Pattern
Use React's Context API to create a license provider that wraps your app and gates premium features:
// LicenseProvider.tsx
import { createContext, useContext, useEffect, useState } from 'react'
const LicenseContext = createContext({ valid: false, plan: 'free', features: [] })
export const LicenseProvider = ({ licenseKey, children }) => {
const [license, setLicense] = useState({ valid: false, plan: 'free', features: [] })
useEffect(() => {
// Validate against Traffic Orchestrator API
fetch('https://api.trafficorchestrator.com/api/v1/validate', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ key: licenseKey, domain: window.location.hostname })
})
.then(r => r.json())
.then(data => setLicense(data))
.catch(() => setLicense({ valid: false, plan: 'free', features: [] }))
}, [licenseKey])
return <LicenseContext.Provider value={license}>{children}</LicenseContext.Provider>
}
export const useLicense = () => useContext(LicenseContext)Feature Gating with Hooks
// PremiumChart.tsx
import { useLicense } from './LicenseProvider'
export const PremiumChart = ({ data }) => {
const { valid, features } = useLicense()
if (!valid || !features.includes('analytics')) {
return (
<div className="upgrade-prompt">
<p>Analytics charts require a Professional license.</p>
<a href="https://trafficorchestrator.com/pricing">Upgrade Now</a>
</div>
)
}
return <AdvancedChart data={data} />
}Don't Trust the Client: Dual Validation
Client-side checks provide instant UX feedback, but the actual enforcement must happen server-side. For component libraries distributed via npm, implement a two-layer approach:
- Client check — Immediate validation on mount using cached result (fast UX)
- Server check — Periodic revalidation against the API (tamper-proof)
- Watermarking — Embed license metadata in rendered output (deterrent)
Protecting npm Packages
If you distribute React components via npm, use build-time license injection:
// Your component's build process
// vite.config.ts
export default defineConfig({
define: {
__LICENSE_CHECK_ENDPOINT__: JSON.stringify(
'https://api.trafficorchestrator.com/api/v1/validate'
)
}
})Handling Offline and Slow Networks
- Cache validation results — Store the last valid response in localStorage with a TTL
- Grace period — Allow 24-72 hours of operation with a cached validation
- Degraded mode — Show warnings but don't break functionality during grace period
- Re-validate on reconnect — Use navigator.onLine and online events to trigger revalidation
Getting Started
Traffic Orchestrator's validation API is designed for frontend use — CORS-enabled, domain-bound, and fast (sub-10ms at the edge). Create a license in the portal, integrate the LicenseProvider pattern, and start monetizing your React components in minutes.
Ship licensing in your next release
5 licenses, 500 validations/month, full API access. Set up in under 5 minutes — no credit card required.