Should applications rely on the `lic` query param

My add on has relied on the lic=active query parameter passed into my entrypoint to determine whether to provide paid functionatlity. I’ve noticed a case where an expired license (never paid and over a month expired) continues to pass in lic=active. According to Clarification on "&lic=none" this should pass in lic=none. I reached out to marketplace support months ago but haven’t been able to get a definitive answer.

Do other applications rely on this query parameter or do I need to look up the license for some other property (note I have no read/write permissions so this is not possible)?

Short answer: yes, the lic=active is the best indication that the instance is entitled to a working app.

Long answer: it’s complicated.
There are some scenario’s in which there might not be an active license in your license report, but Atlassian still deems the instance is entitled to a working app. This can be because of a grace period when a license expires (to allow for payment processing) or because there is an active quote (which is a way for customers to extend their trial) or because the customer is exploiting a loop-hole in the whole process (there are a few).

It’s probably best to find your own middle ground how to deal with this. For instance, we’ve made the decision to not query the Marketplace API for each request to see if there is an active license and rely mostly on lic=active to serve the customer. But that is also because our application infrastructure is very cheap, so we allow customers more slack. So we only poll the Marketplace API periodically and determine allow for a very lenient grace period. This works for us, but you might be in a different situation in which you want to be more strict on license enforcement.

3 Likes