
Runtime license check

"Why do we check the license at runtime?"

The only "per-seat" pricing Avo does is for different apps or URLs. Because of that, we need to check, at runtime, how the parent app uses Avo.


TL;DR;

  • To validate the license, we need to check which URL Avo is used on.

Avo's licensing is rather simple and permissive to customers. For one license you get Avo to use on one production environment, or better yet, one production URL. Please follow those pages to learn more about what that means.

Avo licenses are also Perpetual Fallback Licenses, so they are very lenient and don't penalize you if you stop renewing the subscription.

Because of these loose terms, the only way for us to scale the business is by implementing one "per-seat" strategy, which is one license per URL, and in order to make that work, we have to check the usage at runtime.

How is the check done?

We run a check on the first request inside the Avo path and then every six hours to see if the license is still valid and used within the terms of the subscription. The timeout of that request is 5 seconds.

What data is being sent?

  • Ruby, Rails, and Avo versions
  • The type of license and license key
  • The environment Rails.environment
  • The server IP, host and port
  • The app name
  • Some Avo metadata that helps us better understand the features you are using. For example:
    • avo_root_path
    • resources_count
    • dashboards_count
    • fields_count
    • fields_per_resource
    • custom_fields_count
    • field_types
    • actions_count
    • actions_per_resource
    • filters_count
    • filters_per_resource
    • main_menu_present
    • profile_menu_present
    • cache_store

None of this information is sold or shared with 3rd parties to use.
The only 3rd party services we share this information with are the ones specified here, and it's only for internal use for monitoring, error reporting, and analytics.
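
The cadence described under "How is the check done?" (first request, then every six hours, 5 second timeout) can be modelled as below when reviewing what outbound traffic to expect from an app. This is an added example, not Avo's own code: the class name, the endpoint, the payload key names and the behaviour on a failed check are assumptions.

```ruby
require "net/http"
require "json"
require "uri"

# Added illustration with hypothetical names; not Avo's implementation.
class ThrottledLicenseCheck
  INTERVAL = 6 * 60 * 60 # seconds between checks ("every six hours")
  TIMEOUT  = 5           # seconds; applied to connect and to read separately
  ENDPOINT = URI("https://license-server.example.invalid/check") # placeholder

  def initialize(transport: method(:http_post),
                 clock: -> { Process.clock_gettime(Process::CLOCK_MONOTONIC) })
    @transport = transport # callable: payload hash -> status symbol
    @clock = clock         # callable: current time in seconds
    @checked_at = nil
    @last_result = nil
  end

  # Call on every request under the Avo path. Only the first call, and calls
  # made once INTERVAL has elapsed, reach the network.
  def call(payload)
    now = @clock.call
    return @last_result if @checked_at && now - @checked_at < INTERVAL

    @checked_at = now
    @last_result = begin
      @transport.call(payload)
    rescue Timeout::Error, SocketError, SystemCallError
      :unknown # assumption: a failed check is cached too, not retried per request
    end
  end

  private

  def http_post(payload)
    http = Net::HTTP.new(ENDPOINT.host, ENDPOINT.port)
    http.use_ssl = true
    http.open_timeout = TIMEOUT
    http.read_timeout = TIMEOUT
    body = JSON.generate(payload)
    res = http.post(ENDPOINT.path, body, "Content-Type" => "application/json")
    res.is_a?(Net::HTTPSuccess) ? :valid : :invalid
  end
end

# Constructed sample payload; metadata names are from the list above, other keys are assumed.
SAMPLE_PAYLOAD = {
  license: "pro", license_key: "LICENSE-KEY-PLACEHOLDER", environment: "production",
  ip: "203.0.113.10", host: "admin.example.com", port: 443, app_name: "ExampleApp",
  metadata: { avo_root_path: "/avo", resources_count: 12, cache_store: "redis_cache_store" }
}.freeze
```

Injecting the transport and the clock lets the cadence be exercised offline, without contacting any server.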