Issues a signed offline activation response for the supplied request artifact.
const url = 'https://example.com/api/v1/provision/admin/activations/offline/issue';const options = { method: 'POST', headers: {'Content-Type': 'application/json'}, body: '{"meta":{"schemaVersion":1,"nonce":"example","requestedAt":"2026-04-15T12:00:00Z","sdkVersion":"example"},"body":{"activationCode":"example","fingerprint":"example","applicationInfo":{"applicationName":"example","installedApplicationVersion":"example","applicationInstanceName":"example","applicationScope":"example"},"components":"example"}}'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request POST \ --url https://example.com/api/v1/provision/admin/activations/offline/issue \ --header 'Content-Type: application/json' \ --data '{ "meta": { "schemaVersion": 1, "nonce": "example", "requestedAt": "2026-04-15T12:00:00Z", "sdkVersion": "example" }, "body": { "activationCode": "example", "fingerprint": "example", "applicationInfo": { "applicationName": "example", "installedApplicationVersion": "example", "applicationInstanceName": "example", "applicationScope": "example" }, "components": "example" } }'Request Body required
Section titled “Request Body required ”Request artifact produced by the SDK’s OfflineActivationRequestBuilder.
Self-contained artifact produced by the SDK on an air-gapped machine to request a license activation without an HTTP call. The artifact is transported out of band (USB stick, portal upload, etc.) to an admin who presents it to the server; the server returns a matching signed OfflineActivationResponse.
object
Request-instance metadata: schema version, nonce, timestamp, SDK version.
object
Wire-format major version. Currently always 1. The server refuses unknown versions to fail
fast rather than silently mis-parse.
Client-generated request correlation id, populated by the SDK builder as 32 random bytes encoded as
base64url without padding. Echoed by the server in the matching response for audit / correlation;
has no security property in v1 — the SDK does not currently track outstanding
nonces. The real defences are the JWT exp/aud claims and the response signature.
UTC timestamp at which the SDK produced the request. Used by the server as part of the idempotency cache key.
Version of the SDK assembly that produced the request. Diagnostic only; never load-bearing.
Activation payload: activation code, fingerprint, optional application info.
object
Activation code identifying the entitlement or invitation. Required; non-empty.
Device fingerprint binding the license to a specific seat. Required; non-empty.
Optional snapshot of application-info fields. When the SDK builder was supplied with an
IApplicationInfoProvider, the four fields are copied here so the server can apply the same
application-scope policies it would for an online activation. Omitted from the wire format when null.
object
Display name of the host application, e.g. "Acme.Designer".
System.Version rendered via ToString(), e.g. "4.2.1.0".
Instance-distinguishing name for concurrent licensing, e.g. "Workstation-7".
Application scope identifier. When the entitlement defines allowed scopes, this must match one of
them or the activation is refused. null means the SDK did not supply a scope and the server
applies the entitlement’s default.
Optional per-component one-way hashes of the device identity (well-known keys: MachineName, MacAddress, OsVersion, UserName), mirroring the online activation request so offline activation uses the identical component set. Enables the entitlement’s ComponentMatchingStrategy (MatchAny/Two/Most). Additive: when omitted the server falls back to exact-equality on string OfflineActivationRequestBody.Fingerprint (MatchAll). Values are hashed on-device; raw component values never leave the client. Stays within schemaVersion 1 (additive optional field).
Example generated
{ "meta": { "schemaVersion": 1, "nonce": "example", "requestedAt": "2026-04-15T12:00:00Z", "sdkVersion": "example" }, "body": { "activationCode": "example", "fingerprint": "example", "applicationInfo": { "applicationName": "example", "installedApplicationVersion": "example", "applicationInstanceName": "example", "applicationScope": "example" }, "components": "example" }}Self-contained artifact produced by the SDK on an air-gapped machine to request a license activation without an HTTP call. The artifact is transported out of band (USB stick, portal upload, etc.) to an admin who presents it to the server; the server returns a matching signed OfflineActivationResponse.
object
Request-instance metadata: schema version, nonce, timestamp, SDK version.
object
Wire-format major version. Currently always 1. The server refuses unknown versions to fail
fast rather than silently mis-parse.
Client-generated request correlation id, populated by the SDK builder as 32 random bytes encoded as
base64url without padding. Echoed by the server in the matching response for audit / correlation;
has no security property in v1 — the SDK does not currently track outstanding
nonces. The real defences are the JWT exp/aud claims and the response signature.
UTC timestamp at which the SDK produced the request. Used by the server as part of the idempotency cache key.
Version of the SDK assembly that produced the request. Diagnostic only; never load-bearing.
Activation payload: activation code, fingerprint, optional application info.
object
Activation code identifying the entitlement or invitation. Required; non-empty.
Device fingerprint binding the license to a specific seat. Required; non-empty.
Optional snapshot of application-info fields. When the SDK builder was supplied with an
IApplicationInfoProvider, the four fields are copied here so the server can apply the same
application-scope policies it would for an online activation. Omitted from the wire format when null.
object
Display name of the host application, e.g. "Acme.Designer".
System.Version rendered via ToString(), e.g. "4.2.1.0".
Instance-distinguishing name for concurrent licensing, e.g. "Workstation-7".
Application scope identifier. When the entitlement defines allowed scopes, this must match one of
them or the activation is refused. null means the SDK did not supply a scope and the server
applies the entitlement’s default.
Optional per-component one-way hashes of the device identity (well-known keys: MachineName, MacAddress, OsVersion, UserName), mirroring the online activation request so offline activation uses the identical component set. Enables the entitlement’s ComponentMatchingStrategy (MatchAny/Two/Most). Additive: when omitted the server falls back to exact-equality on string OfflineActivationRequestBody.Fingerprint (MatchAll). Values are hashed on-device; raw component values never leave the client. Stays within schemaVersion 1 (additive optional field).
Example generated
{ "meta": { "schemaVersion": 1, "nonce": "example", "requestedAt": "2026-04-15T12:00:00Z", "sdkVersion": "example" }, "body": { "activationCode": "example", "fingerprint": "example", "applicationInfo": { "applicationName": "example", "installedApplicationVersion": "example", "applicationInstanceName": "example", "applicationScope": "example" }, "components": "example" }}Self-contained artifact produced by the SDK on an air-gapped machine to request a license activation without an HTTP call. The artifact is transported out of band (USB stick, portal upload, etc.) to an admin who presents it to the server; the server returns a matching signed OfflineActivationResponse.
object
Request-instance metadata: schema version, nonce, timestamp, SDK version.
object
Wire-format major version. Currently always 1. The server refuses unknown versions to fail
fast rather than silently mis-parse.
Client-generated request correlation id, populated by the SDK builder as 32 random bytes encoded as
base64url without padding. Echoed by the server in the matching response for audit / correlation;
has no security property in v1 — the SDK does not currently track outstanding
nonces. The real defences are the JWT exp/aud claims and the response signature.
UTC timestamp at which the SDK produced the request. Used by the server as part of the idempotency cache key.
Version of the SDK assembly that produced the request. Diagnostic only; never load-bearing.
Activation payload: activation code, fingerprint, optional application info.
object
Activation code identifying the entitlement or invitation. Required; non-empty.
Device fingerprint binding the license to a specific seat. Required; non-empty.
Optional snapshot of application-info fields. When the SDK builder was supplied with an
IApplicationInfoProvider, the four fields are copied here so the server can apply the same
application-scope policies it would for an online activation. Omitted from the wire format when null.
object
Display name of the host application, e.g. "Acme.Designer".
System.Version rendered via ToString(), e.g. "4.2.1.0".
Instance-distinguishing name for concurrent licensing, e.g. "Workstation-7".
Application scope identifier. When the entitlement defines allowed scopes, this must match one of
them or the activation is refused. null means the SDK did not supply a scope and the server
applies the entitlement’s default.
Optional per-component one-way hashes of the device identity (well-known keys: MachineName, MacAddress, OsVersion, UserName), mirroring the online activation request so offline activation uses the identical component set. Enables the entitlement’s ComponentMatchingStrategy (MatchAny/Two/Most). Additive: when omitted the server falls back to exact-equality on string OfflineActivationRequestBody.Fingerprint (MatchAll). Values are hashed on-device; raw component values never leave the client. Stays within schemaVersion 1 (additive optional field).
Example generated
{ "meta": { "schemaVersion": 1, "nonce": "example", "requestedAt": "2026-04-15T12:00:00Z", "sdkVersion": "example" }, "body": { "activationCode": "example", "fingerprint": "example", "applicationInfo": { "applicationName": "example", "installedApplicationVersion": "example", "applicationInstanceName": "example", "applicationScope": "example" }, "components": "example" }}Responses
Section titled “ Responses ”Response issued successfully.
Server-issued signed envelope returned by the offline activation flow. Carries an EndUserLicenseDto inside a JWS-flattened-JSON-style detached-payload envelope so the SDK can verify the signature byte-for-byte without canonicalization risk.
object
Base64url-encoded UTF-8 JSON bytes of an OfflineActivationResponseSignedPayload. The importer treats this string as opaque — it is base64url-decoded and verified, never re-serialized.
Base64-encoded RSA-SHA256 (PKCS#1 v1.5) signature over the raw bytes inside string OfflineActivationResponse.SignedPayload.
Example generated
{ "signedPayload": "example", "signature": "example"}Invalid request (schema mismatch, missing fields, or activation failure).
object
Example generated
{ "type": "example", "title": "example", "status": 1, "detail": "example", "instance": "example"}Caller is not an admin.
object
Example generated
{ "type": "example", "title": "example", "status": 1, "detail": "example", "instance": "example"}