Runtime license check

"Why do we check the license at runtime?"

The only "per-seat" pricing Avo does if for different apps or URLs. Because of that we need to check, at runtime, how does the parent app use Avo.

The Avo team themselves have been so responsive and helpful with any questions, concerns or requests.

Releasing half of your app to a single gem is a daunting prospect, but I have experienced how much the team respects their users and appreciates their responsibility.

John Bannister
John Bannister
Rails developer, Exlibris RPG

TL;DR;

  • In order to validate the license we need to check on what URL Avo is used on.

Avo's licensing is rather simple and permissive to customers. For one license you get Avo to use on one production environment, or better yet, one production URL. Please follow those pages to learn more about what that means.

Avo licenses are also Perpetual Fallback Licenses so, very leniant and don't penalize you if you stop renewing the subscription.

Because of these loose terms, the only way for us to scale the business is by implementing one "per-seat" strategy, which is one license per URL, and in order to make that work, we have to check the usage at runtime.

How is the check done?

We run a check on the first request inside the Avo path and then every six hours to see if the license is still valid and used within the terms of the subscription. The timeout of that request is 5 seconds.

What data is being sent?

  • Ruby, Rails, and Avo versions
  • The type of license and license key
  • The environment Rails.environment
  • The server IP, host and port
  • The app name
  • Some Avo metadata that helps us better understand the features you are using. For example:
    • avo_root_path
    • resources_count
    • dashboards_count
    • fields_count
    • fields_per_resource
    • custom_fields_count
    • field_types
    • actions_count
    • actions_per_resource
    • filters_count
    • filters_per_resource
    • main_menu_present
    • profile_menu_present
    • cache_store

None of this information is sold or shared with 3rd parties to use.
The only 3rd party services we share this information with is the ones specified here and it's only for internal use for monitoring, error reporting, and analytics.