PHP Quickstart

License validation for PHP apps — Laravel, WordPress, or vanilla PHP.

5 minute setup
$ composer require traffic-orchestrator/sdk
1

Install the SDK

Add the SDK to your PHP project via Composer.

bash
composer require traffic-orchestrator/sdk
2

Initialize the Client

Create a client instance configured with the API base URL.

php
<?php
use TrafficOrchestrator\Client;

$client = new Client([
    'base_url' => 'https://api.trafficorchestrator.com/api/v1'
]);
3

Validate a License Key

Check if a license key is valid, active, and authorized for the given domain.

php
$result = $client->validateLicense(
    'TO-XXXX-XXXX-XXXX',
    'example.com'
);

if ($result->valid) {
    echo "✅ License active!";
    // $result->features contains enabled features
} else {
    echo "❌ Invalid: " . $result->error;
}
4

Activate on a Device

Register an installation against the license to track seat usage.

php
// Generate a stable machine fingerprint
$machineId = substr(hash('sha256', php_uname('n') . php_uname('m')), 0, 32);

$activation = $client->activate(
    'TO-XXXX-XXXX-XXXX',
    $machineId
);

echo "Seats: {$activation->activations}/{$activation->maxActivations}";
5

Verify Offline (Optional)

Cryptographic verification without network calls.

php
// Ed25519 offline verification
$isValid = $client->verifyOffline(
    'TO-XXXX-XXXX-XXXX',
    $signature,    // cached from online validation
    $publicKey     // your Ed25519 public key
);

if ($isValid) {
    // License verified offline
}
6

Handle Webhooks

Verify and process real-time license events in PHP.

php
$secret    = getenv('WEBHOOK_SECRET');
$signature = $_SERVER['HTTP_X_TO_SIGNATURE'] ?? '';
$timestamp = $_SERVER['HTTP_X_TO_TIMESTAMP'] ?? '0';
$body      = file_get_contents('php://input');

// Reject stale webhooks
if (time() - (int)$timestamp > 300) {
    http_response_code(401);
    exit(json_encode(['error' => 'Expired']));
}

// Verify HMAC signature
$expected = hash_hmac('sha256', "{$timestamp}.{$body}", $secret);
if (!hash_equals($expected, $signature)) {
    http_response_code(401);
    exit(json_encode(['error' => 'Invalid signature']));
}

$event = json_decode($body, true);
error_log("Event: " . $event['event']);
http_response_code(200);
echo json_encode(['received' => true]);

Next Steps

Full API Reference SDK Documentation All SDKs & Resources Guides & Tutorials