Documentation
DevLock SDK Documentation
Integrate license validation, remote kill-switch, feature flags, and domain locking into any JavaScript / TypeScript app. Two packages, one control plane — managed from your dashboard.
Getting Started
DevLock ships two SDKs. Use devlock-client in browser / frontend apps (safe to bundle, uses your public key) and devlock-sdk in Node.js / server apps (uses your secret key).
# Frontend (React, Next.js, Vue, Vanilla)
npm install devlock-client
# Backend (Node.js, Express, Fastify, NestJS)
npm install devlock-sdkGet Your Keys
- Create an account and sign in to the DevLock Dashboard.
- Create a Project — you’ll get a
pk_live_…public key and ask_live_…secret key. - Use the public key in the frontend SDK and the secret key in the backend SDK (keep it server-side only).
- (Optional) Create license keys, feature flags, and allowed domains from the project pages.
Frontend SDK — devlock-client
Vanilla TypeScript:
import { DevLock } from 'devlock-client';
const devlock = new DevLock({
projectKey: 'pk_live_xxx',
licenseKey: 'DLCK-XXXX-XXXX-XXXX-XXXX',
on: {
onKillSwitch: (reason) => showBlockedUI(reason),
onMaintenanceMode: (cfg) => showMaintenance(cfg.message),
},
});
await devlock.init();
if (devlock.isFeatureEnabled('premium')) {
renderPremium();
}React / Next.js:
import { DevLockProvider, useFeatureFlag } from 'devlock-client/react';
function App() {
return (
<DevLockProvider config={{ projectKey: 'pk_live_xxx' }}>
<Dashboard />
</DevLockProvider>
);
}
function Dashboard() {
const isPremium = useFeatureFlag('premium');
return <div>{isPremium && <PremiumWidget />}</div>;
}Backend SDK — devlock-sdk
Express middleware (also works with Fastify & NestJS):
import { createMiddleware } from 'devlock-sdk/express';
app.use(createMiddleware({
secretKey: process.env.DEVLOCK_SECRET_KEY!,
projectId: process.env.DEVLOCK_PROJECT_ID!,
excludePaths: ['/health', '/webhooks'],
on: {
onKillSwitch: (reason) => logger.error('Disabled:', reason),
},
}));
app.get('/api/data', (req, res) => {
const { license, isFeatureEnabled } = req.devlock!;
if (isFeatureEnabled('advanced-export')) { /* ... */ }
res.json({ status: license.status });
});Configuration
| Option | Default | Description |
|---|---|---|
apiUrl | https://dl-api.tashanto.com | DevLock API base URL |
environment | production | production | staging | development |
offlineGraceHours | 72 | How long cached validation stays valid offline |
failBehavior | 'open' | 'open' never breaks your app; 'closed' hard-fails on outage |
tamperDetection | true | (frontend) detect SDK manipulation |
Fail-Open Safety
DevLock never becomes a single point of failure. If DevLock’s servers are unreachable, a network error occurs, or a response is malformed, the SDK never throws and never blocks your app — it fails open. A lock (kill-switch / maintenance) is applied only when the server explicitly reports it.
const devlock = new DevLock({
projectKey: 'pk_live_xxx',
failBehavior: 'open', // default — an outage never breaks your site
});Resources
Developed with ❤️ by tashanto.com