
Account security

This is a decidedly unsexy (but important) topic about securing your LimeLM and LicenseChest account so that only you and your employees can access it. It can be summed up in 3 basic points:

  1. Enable two-factor authentication

  2. Always use a secure password (don't use the same password that you've used on other sites)

  3. Treat your API key like a password (don't share it, don't include it in your app)

Enable two-factor authentication (2fa)

Two-factor authentication adds an extra layer of security to your user account. In short, it confirms you are who you say you are by combining something you know (your username / password) with something you have (your phone, which generates a cryptographically secure code).

Setting up two-factor authentication for your account takes 2 simple steps:

  1. Get an "authenticator" app for your phone

  2. Enable 2fa in your settings

Get an "authenticator" app for your phone

There are hundreds of authenticator apps available for free. You can use any of them. Here are some recommendations:

Enable 2fa in your settings

After installing the "authenticator" app on your phone, it's simply a matter of going to your settings and following the steps needed to enable 2fa.

What if you get a "your password is vulnerable" error when logging in?

If you get this error from LimeLM (either when signing up or logging in), it means we've detected that the password you're using has been verified as being part of a data leak from 3rd-party companies. In other words, you've used this password on other sites and those sites have since lost your data (i.e. hackers got it).

This error does not mean that your LimeLM account was hacked. However, it does mean you should change your password immediately to ensure only you have access to your account.

A good rule of thumb: use a different password on every site you sign up for. Use a password manager to keep track of them for you. (There are literally thousands of free password managers out there.) A good, reliable, and secure one for Windows is PasswordSafe.

Your API key is like an all-access password to your account

Your web API key on your settings page lets you use our web API functions in your back-office code, for example to generate product keys after an order.

Your API key is like a password. You should never use the web API key directly in your app. If you embed the API key in your app, it's equivalent to handing your customers your password. Don't do it.
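One way to enforce this before shipping is a release check that fails the build if the key appears anywhere in the files you hand to customers. This is an added example, not wyDay's code; the `LIMELM_API_KEY` environment variable name, the function names and the sample key are assumptions made for illustration.

```python
import base64
import os
import sys
import tempfile
from pathlib import Path


def key_patterns(api_key):
    """Byte sequences the key would leave behind in a shipped file."""
    raw = api_key.encode("utf-8")
    return {
        "utf-8": raw,
        "utf-16le": api_key.encode("utf-16-le"),  # wide strings in Windows/.NET binaries
        "base64": base64.b64encode(raw),          # lightly "hidden" copies
    }


def scan_release(release_dir, api_key):
    """Return (relative path, encoding) pairs for every file containing the key."""
    root = Path(release_dir)
    patterns = key_patterns(api_key)
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        data = path.read_bytes()
        for name, pattern in patterns.items():
            if pattern in data:
                findings.append((path.relative_to(root).as_posix(), name))
    return findings


def demo():
    """Scan a constructed release folder; the key below is a made-up sample value."""
    key = "SAMPLE-KEY-0000-not-a-real-key"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "app.exe").write_bytes(b"MZ\x00\x00" + key.encode("utf-16-le") + b"\x00\x00")
        (root / "settings.ini").write_text("key=" + base64.b64encode(key.encode()).decode() + "\n")
        (root / "readme.txt").write_text("No secrets here.\n")
        return scan_release(root, key)


if __name__ == "__main__":
    if len(sys.argv) == 2:
        # Real use: the key comes from the build machine's environment (assumed variable name).
        hits = scan_release(sys.argv[1], os.environ["LIMELM_API_KEY"])
    else:
        hits = demo()
    for rel_path, encoding in hits:
        print(f"API key found in {rel_path} ({encoding})")
    sys.exit(1 if hits else 0)
```

The base64 pattern only matches the key encoded on its own, so a clean scan is a sanity check and not proof that the key is absent.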

To sum up, here are some places you can use your web API key:

Here are some places you should never use your web API key: