SDK Overview
Use this page to choose a first-party SDK and understand what all client libraries are trying to keep consistent.
Who This Is For
- developers deciding which client library to adopt
- AI agents choosing an SDK for generated integration code
- operators checking whether a workflow should use a package or direct OpenAPI access
When To Use This
Read this after you understand the auth split and before you start writing integration code.
If you are building with TypeScript today, the deepest rewrite coverage in this pass is the TypeScript SDK page.
How It Works
First-party SDKs
| Language | Package | Install | Primary source |
|---|---|---|---|
| TypeScript | @licensekit/sdk | npm install @licensekit/sdk | sdk/typescript |
| Python | licensekit-sdk | pip install licensekit-sdk | sdk/python |
| Go | github.com/drmain1/licensekit-go | go get github.com/drmain1/licensekit-go | sdk/go |
| Ruby | licensekit-ruby | gem install licensekit-ruby -v 0.1.0.alpha.1 | sdk/ruby |
| .NET | LicenseKit | dotnet add package LicenseKit --prerelease | sdk/dotnet |
Standard client shape
Every first-party SDK is designed around the same conceptual split:
ManagementClientfor bearer-auth management routesRuntimeClientfor license-auth runtime routesSystemClientfor public health and key-discovery routes
The intended integration shape is also consistent:
- create or load a scoped management key
- create products, policies, and licenses with the management client
- validate the license with the runtime client
- verify the signed runtime result using the SDK’s verification helpers
What to expect across SDKs
The shared target behavior is:
- contract fidelity to
api/openapi.yaml - least-privilege scope metadata derived from
x-required-scopes - explicit runtime signature verification helpers
- configurable
baseUrlfor hosted or self-hosted deployments - reporting reads and frozen export flows on the management surface
Example
The standard shape in practice:
ts
import {
ManagementClient,
PublicKeyStore,
RuntimeClient,
SystemClient,
verifyRuntimeResult
} from "@licensekit/sdk";
const baseUrl = "https://api.licensekit.dev";
const management = new ManagementClient({
baseUrl,
token: process.env.LICENSEKIT_MANAGEMENT_TOKEN!
});
const runtime = new RuntimeClient({
baseUrl,
licenseKey: process.env.LICENSE_KEY!
});
const system = new SystemClient({ baseUrl });
const result = await runtime.validateLicense({
body: { fingerprint: "host-123" }
});
const publicKeys = await system.listPublicKeys();
await verifyRuntimeResult(result, new PublicKeyStore(publicKeys.data));Common Mistakes
- assuming an SDK flattens away the management and runtime envelope differences
- using package coverage as proof that the backend lacks a route
- mixing management and runtime auth just because one SDK exposes both clients
- skipping runtime verification because the SDK already parsed the JSON for you