Documentation

DevLock SDK Documentation

Integrate license validation, remote kill-switch, feature flags, and domain locking into any JavaScript / TypeScript app. Two packages, one control plane — managed from your dashboard.

Getting Started

DevLock ships two SDKs. Use devlock-client in browser / frontend apps (safe to bundle, uses your public key) and devlock-sdk in Node.js / server apps (uses your secret key).

# Frontend (React, Next.js, Vue, Vanilla)
npm install devlock-client

# Backend (Node.js, Express, Fastify, NestJS)
npm install devlock-sdk

Get Your Keys

  1. Create an account and sign in to the DevLock Dashboard.
  2. Create a Project — you’ll get a pk_live_… public key and a sk_live_… secret key.
  3. Use the public key in the frontend SDK and the secret key in the backend SDK (keep it server-side only).
  4. (Optional) Create license keys, feature flags, and allowed domains from the project pages.

Frontend SDK — devlock-client

Vanilla TypeScript:

import { DevLock } from 'devlock-client';

const devlock = new DevLock({
  projectKey: 'pk_live_xxx',
  licenseKey: 'DLCK-XXXX-XXXX-XXXX-XXXX',
  on: {
    onKillSwitch: (reason) => showBlockedUI(reason),
    onMaintenanceMode: (cfg) => showMaintenance(cfg.message),
  },
});

await devlock.init();

if (devlock.isFeatureEnabled('premium')) {
  renderPremium();
}

React / Next.js:

import { DevLockProvider, useFeatureFlag } from 'devlock-client/react';

function App() {
  return (
    <DevLockProvider config={{ projectKey: 'pk_live_xxx' }}>
      <Dashboard />
    </DevLockProvider>
  );
}

function Dashboard() {
  const isPremium = useFeatureFlag('premium');
  return <div>{isPremium && <PremiumWidget />}</div>;
}

Backend SDK — devlock-sdk

Express middleware (also works with Fastify & NestJS):

import { createMiddleware } from 'devlock-sdk/express';

app.use(createMiddleware({
  secretKey: process.env.DEVLOCK_SECRET_KEY!,
  projectId: process.env.DEVLOCK_PROJECT_ID!,
  excludePaths: ['/health', '/webhooks'],
  on: {
    onKillSwitch: (reason) => logger.error('Disabled:', reason),
  },
}));

app.get('/api/data', (req, res) => {
  const { license, isFeatureEnabled } = req.devlock!;
  if (isFeatureEnabled('advanced-export')) { /* ... */ }
  res.json({ status: license.status });
});

Configuration

OptionDefaultDescription
apiUrlhttps://dl-api.tashanto.comDevLock API base URL
environmentproductionproduction | staging | development
offlineGraceHours72How long cached validation stays valid offline
failBehavior'open''open' never breaks your app; 'closed' hard-fails on outage
tamperDetectiontrue(frontend) detect SDK manipulation

Fail-Open Safety

DevLock never becomes a single point of failure. If DevLock’s servers are unreachable, a network error occurs, or a response is malformed, the SDK never throws and never blocks your app — it fails open. A lock (kill-switch / maintenance) is applied only when the server explicitly reports it.

const devlock = new DevLock({
  projectKey: 'pk_live_xxx',
  failBehavior: 'open', // default — an outage never breaks your site
});

Resources

Developed with ❤️ by tashanto.com