DOCS
LLMs

Generate Download Token

Generate Download Token

Creates a time-limited, cryptographically signed token for secure release downloads.

POST /api/v1/products/{slug}/releases/{version}/download_token

Try it in the Interactive API Docs →

When to Use

  • Gating software downloads to valid license holders
  • Implementing secure auto-update functionality
  • Preventing unauthorized distribution

Path Parameters

Parameter Required Description
slug Yes Product slug (e.g., my-app)
version Yes Release version (e.g., 2.1.0)

Request Body

Parameter Required Description
license_key Yes License key to authorize the download
platform No Target platform (e.g., macos, windows, linux)

Example Request 

curl -X POST https://licenseseat.com/api/v1/products/my-app/releases/2.1.0/download_token \
  -H "Authorization: Bearer pk_live_xxxxxxxx" \
  -H "Content-Type: application/json" \
  -d '{
    "license_key": "LS-ABCD-1234-EFGH-5678",
    "platform": "macos"
  }'

Response 

{
  "object": "download_token",
  "token": "eyJhbGciOiJFZERTQSIsInR5cCI6IkpXVCJ9...",
  "expires_at": "2026-01-21T12:05:00Z"
}

Response Fields

Field Description
token Signed JWT token for download authorization
expires_at Token expiration timestamp (typically 5 minutes)

Error Codes

Code HTTP Meaning
license_not_found 404 License key doesn't exist
release_not_found 404 Release version doesn't exist
expired 422 License has expired
revoked 422 License has been revoked
download_token_not_configured 400 Download tokens not enabled for this product

Using the Download Token

Your download server should verify the token before serving files:

  1. Extract the token from the request (query param or header)
  2. Verify the Ed25519 signature using your signing key
  3. Check token hasn't expired (exp claim)
  4. Verify product and version match the requested file
  5. Serve the file if valid

Client-Side Usage 

// Get download token
const response = await fetch(
  '/api/v1/products/my-app/releases/2.1.0/download_token',
  {
    method: 'POST',
    headers: {
      'Authorization': 'Bearer pk_live_xxxxxxxx',
      'Content-Type': 'application/json'
    },
    body: JSON.stringify({
      license_key: 'LS-ABCD-1234-EFGH-5678',
      platform: 'macos'
    })
  }
);

const { token, expires_at } = await response.json();

// Use token to download
const downloadUrl = `https://downloads.example.com/my-app/2.1.0/installer.dmg?token=${token}`;
window.location.href = downloadUrl;

See Also

Previous Get Latest Release Next Error Codes