FOR INTEGRATORS
Build against the CodeOn API
Reference for the small set of public REST endpoints CodeOn plugins call, the Bank of Georgia webhook contract, and the internals of how licenses, watermarks, and tamper detection work. Useful if you're extending a CodeOn plugin, writing your own, or building a marketplace integration.
API reference
The plugin-facing endpoints. All responses are JSON; license-related responses carry a signature so the plugin can verify payloads end-to-end.
- OpenPOST /api/v1/validate-licenseThe heartbeat WordPress plugins call once per day. Request shape, signed response, status enum (active / grace / expired / suspended), grace-period contract.
- OpenGET /api/v1/updates/<plugin>Update manifest the WP UpdateChecker reads. Per-plugin tag resolution, version compare rules, force-refresh hints.
- OpenPOST /api/v1/tamper-reportDaily silent heartbeat from a watermarked plugin when its build-stamp fails to verify. Best-effort, fire-and-forget.
Webhooks
Inbound callbacks CodeOn receives from upstream gateways and turns into local order state.
Plugin internals
The contracts a CodeOn plugin honours so license validation, updates, and tamper detection work end-to-end.
- OpenLicense key format32-char checksummed string, prefix conventions, slug derivation for URLs.
- OpenBuild-id telemetryHow CODEON_BUILD_ID is seeded into a watermarked ZIP and cross-checked on validate-license.
- OpenWatermark contractPer-customer scatter files, fail-hard streamer rules, recovery-mode behaviour on tamper.