7-day trial · No credit card required
- ✓RSA-2048 license issuance
- ✓axix-agent (Linux + macOS)
- ✓Go + Python SDKs
- ✓Vendor dashboard (basic)
- ✓Community + email support
Cancel anytime · Cancellation policy
Axix Hawk is a multi-tenant licensing platform for ISVs. Issue RSA-2048 signed licenses, enforce them on customer machines via an on-prem agent, and revoke instantly from a dashboard — with audit trails, webhook events, and Go & Python SDKs included.
No credit card · Credentials in 2 min
Every plan is built on three simple bases: products, active licenses, and API requests. Start with one product — add more at checkout and your price, license pool, and API volume scale together.
7-day trial · No credit card required
Cancel anytime · Cancellation policy
7-day free trial included
Per product · scale count at checkout
Cancel anytime · Cancellation policy
7-day free trial included
Per product · scale count at checkout
Cancel anytime · Cancellation policy
See how Axix Hawk's pricing bases compare to the licensing APIs developers already know.
| Metric | Axix Hawk | Keygen | Cryptlex | LicenseSpring |
|---|---|---|---|---|
| Pricing basis | Products + Licenses + API requests | Seats/ALU + entitlements | Products + active licenses/activations | Products + monthly API requests |
| Free tier | 1 product / 10 licenses / 500 req/day | Up to 50 ALU | 30-day trial | 1k requests/mo |
| Entry paid price | $30/mo per product (Standard) | $49/mo | $50/mo | $199/mo |
| Dedicated Keycloak realm per tenant | ✓ | ✗ | ✗ | ✗ |
| On-premise deployment option | Premium tier | Self-host CE only | Self-hosted | ✗ |
| Kubernetes deployment manifests included | 45 manifests | ✗ | ✗ | ✗ |
| Signing key rotation | One API call | Manual | Manual | Manual |
*Competitor pricing based on publicly available vendor pricing pages as of July 2026. Individual plans, bases, and limits vary by vendor.
// go get github.com/axix-hawk/sdk-go import hawk "github.com/axix-hawk/sdk-go" client, err := hawk.Init(hawk.Config{ ProductID: "my-product", OrgID: "my-org", LicensePath: "/etc/axix/license.axlic", OnRevoked: func() { os.Exit(1) }, OnExpired: func() { log.Fatal("License expired") }, }) if err != nil { log.Fatal(err) } // Gate features by license tier if err := client.RequireFeature("analytics"); err != nil { log.Fatal("analytics not licensed:", err) } // Check current status: active | grace | grace_expired | revoked | expired status := client.Status()
# pip install axix-hawk-sdk from axix_hawk import init, HawkConfig import sys client = init(HawkConfig( product_id="my-product", org_id="my-org", license_path="/etc/axix/license.axlic", on_revoked=lambda: sys.exit(1), on_expired=lambda: sys.exit(1), )) # Gate features by license tier client.require_feature("analytics") # Check current status print(client.status()) # active | grace | grace_expired | revoked | expired
# Install agent on customer machine (one command) curl -fsSL https://api.hawk.yourdomain.com/agent/fingerprint.sh | bash # Place the license file your customer received cp license.axlic /etc/axix/license.axlic # Start the agent (systemd service on Linux) systemctl start axix-agent systemctl enable axix-agent # Check agent status via local HTTP endpoint curl http://localhost:7443/v1/status
Full integration guide, troubleshooting table, and API reference at hawk.yourdomain.com/docs →
| Capability | Axix Hawk | Build Your Own |
|---|---|---|
| RSA license signing | ✓ Included, per-tenant | 2–4 weeks to implement |
| On-prem agent with grace period | ✓ Included, cross-platform | 4–8 weeks |
| Go + Python SDKs | ✓ Included | 4–6 weeks per language |
| Multi-tenant isolation (RLS) | ✓ PostgreSQL RLS + Keycloak realms | Extremely complex, high risk |
| Webhook event delivery | ✓ Included with retry | 1–2 weeks |
| White-label vendor console | ✓ Included | 8–16 weeks |
| Signing key rotation | ✓ One API call | 2–4 weeks |
| Audit trail with hash chain | ✓ Included | 2–3 weeks |
| Kubernetes deployment | ✓ 45 manifests included | 4–8 weeks |
| Ongoing security maintenance | ✓ Handled | Yours forever |
| Time to first license issued | ✓ ~30 minutes | 6–12 months |
Every plan is built on three bases: licensed products, active licenses, and daily API requests. Standard is $30/mo per product (75 licenses + 3k API/day each). Premium is $49/mo per product (115 licenses + 5k API/day each). Use the product counter at checkout to scale all three together.
Standard and Premium include fixed pools per licensed product. Add products at checkout to increase licenses and API volume in the same step — no separate overage counters on self-serve plans.
Yes. Upgrade or downgrade from your vendor dashboard or by contacting support. Plan changes take effect on your next billing cycle; prorated credits apply when moving to a higher tier mid-cycle.
Your vendor console remains accessible for 30 days after cancellation so you can export audit logs and customer data. Existing license blobs on customer machines continue to validate until their expiry date — revocation API access ends when the subscription lapses.
No. Zero setup fees on every tier, including Premium with on-premise deployment options. You pay only the published monthly or annual subscription rate.
Yes. Annual billing saves 17% on Starter, Growth, and Premium compared to monthly rates. The Free tier is always $0.
No. The only outbound network call from the agent is a POST /v1/heartbeat with: license_id, machine_id, agent_version, sdk_version. No telemetry, no usage data, no personally identifiable information. Nothing else leaves the customer network.
The agent enters a 48-hour grace period and continues operating normally. If the server is still unreachable after 48 hours, the license enters grace_expired status and the agent enforces shutdown. The grace period duration is configurable.
No. The license blob is RSA-signed and includes the machine_id. The agent verifies the signature and checks that the machine_id in the blob matches the actual machine fingerprint on startup. A copied license fails verification on a different machine.
Every tenant has a dedicated RSA-2048 key pair. The private key is encrypted with AES-256-GCM before being stored in the database. The encryption key (KEY_ENCRYPTION_KEY) is stored in AWS Secrets Manager and never appears in the codebase, environment files, or logs.
The POST /v1/signing-keys/rotate endpoint (Enterprise) generates a new RSA key pair, encrypts and stores the new private key, and returns the new public key PEM. Existing licenses signed with the old key remain valid until expiry. New licenses are signed with the new key. A re-issue flow is available for customers who need immediate key migration.
Yes. Each tenant gets a dedicated Keycloak realm with custom branding. The vendor dashboard is deployed at your domain and shows your branding. You can point a custom subdomain (app.mycompany.com) at the vendor dashboard for each of your customers.
Yes. The Enterprise plan includes an on-premise deployment option. All Kubernetes manifests, Helm chart values, and deployment runbooks are provided. The platform runs on any Kubernetes cluster — EKS, GKE, DigitalOcean, or on-prem.
License generation via the API typically responds in under 50ms. Webhook delivery is asynchronous and typically arrives within 2–5 seconds after the license event is triggered.
The axix-agent is a standalone daemon that runs on the customer machine and handles license verification, heartbeat sending, and status caching. The Go and Python SDKs communicate with the local agent over HTTP at :7443. You embed the SDK in your application; the agent runs as a system service. The SDK does not communicate directly with the Axix Hawk platform — all network communication goes through the agent.
Sign up in 2 minutes. Issue your first RSA-signed license in 30. No credit card required for the free trial.
Quick answers before you book a demo or strategy call.