License keys, finally done right.
KeyStack is the modern license manager for software teams. Generate, validate and control every key you sell — from a clean dashboard or a single API call.
Free forever for 1 app and 50 active licenses. No credit card required.
Welcome back
Here's how Acme is doing
12,840
+8%
6
stable
982k
+14%
341
+19%
Validations
Latest keys
KS-7F3K-99XYactiveKS-2A1Q-LM4NactiveKS-9XB1-44KTfrozen
Trusted by indie founders, agencies and growing SaaS teams
Everything you need
Ship paid software, without the duct tape
From the first key to your ten-thousandth, KeyStack handles the boring parts so you can focus on building the product.
Beautiful license keys
Generate tamper-proof keys with built-in HMAC checksums. Validate in milliseconds, revoke instantly, extend in one click.
One dashboard per app
Manage every product in one place. Each app gets its own keys, plans, customers, webhooks and audit trail.
Fast public API
HMAC-signed REST endpoints with Redis-cached validation. Built for high traffic with predictable p99 latency.
Built for trust
Argon2 hashing, AES-256-GCM at rest, TOTP 2FA, full audit log. Your customers and your security team will thank you.
Multi-tenant from day one
Strict org isolation enforced at the database layer with a Prisma extension. Your data never crosses the line.
Stripe-native billing
Auto-issue keys on purchase, extract customer info, and reconcile orders without writing webhook glue code.
How it works
From sign-up to first sale in an afternoon
Create an application
Add the product you want to license. Choose key format, set quotas, generate per-app API keys.
Wire up the API
Drop two HMAC-signed endpoints into your app: `/issue` and `/validate`. SDKs in TypeScript and Python.
Connect Stripe
A purchase fires a webhook, KeyStack mints the key, emails your customer, and writes the activation back.
Built for trust
Security isn't a feature. It's the foundation.
Every license key is checksummed with HMAC-SHA256, every API call is signed and replay-protected, every mutation is in the audit log. You can hand KeyStack to your security team and sleep at night.
- Argon2id password hashing + TOTP 2FA
- HMAC-SHA256 request signing with replay protection
- AES-256-GCM encryption at rest for sensitive secrets
- Tenant isolation enforced at the database layer
- Full audit log of every mutating action
SOC-2 ready architecture
From day one — not bolted on later.
0 ms
Median validation latency
99.99%
Uptime SLA on Business plan
0+
Built-in webhook events
Three lines of code
The TypeScript SDK does the boring parts
HMAC signing, timestamp drift, retries, error mapping — handled. Works in Node 20+, Cloudflare Workers, Vercel Edge, Deno and Bun.
import { KeyStack } from '@keystack/client';
const ks = new KeyStack({
publicKey: process.env.KEYSTACK_PUBLIC_KEY!,
secretKey: process.env.KEYSTACK_SECRET_KEY!,
});
const result = await ks.licenses.validate({ key });
if (!result.valid) deny(result.reason);Loved by builders
From founders who've shipped paid software
“We rolled our own license system for three years and it was always the part of the stack we hated. KeyStack replaced 1,200 lines of glue code in one afternoon.”
Avery Chen
Founder, Plate.dev
“Activations and the audit log alone justify the price. Compliance loved that every key mutation is signed and timestamped.”
Marek Růžička
CTO, Statera Analytics
“I issued my first key in production the same day I signed up. The SDK is so small I read the whole thing before importing it.”
Jules Martins
Indie dev, OfflineFirst.app
Questions, answered
Frequently asked
Those are payment platforms. KeyStack is a focused license-management layer that plugs into the payment platform you already use (Stripe, custom API, or manual issuance) and gives you one home for every key.
Start managing licenses in 5 minutes.
Free for your first app and 50 active licenses. Upgrade when you grow.