Soraco: Secure and Scalable Software License Management
About The Client
Soraco Technologies
- IndustrySoftware Licensing & IP Protection
- RegionCanada
- PlatformSaaS dashboard · desktop tools · APIs
- Delivery1 year
Soraco Technologies is a software company based in Canada. It develops Quick License Manager (QLM), a licensing platform used by software vendors to manage software activation, license enforcement, and usage control. Their work mainly focuses on creating systems that issue, track, and validate software licenses.
Over the years, Soraco has developed products used by software companies across different regions. Their solutions are designed to support both desktop and cross-platform applications, with features that allow companies to handle licensing, activation, and user access in a structured way.
Along with its core product offerings, the company also provides tools that connect licensing systems with online sales and customer management processes.
Project Overview
Hybrid Licensing That Stays Reliable In Every Environment
As Soraco Technologies’ Quick License Manager (QLM) scaled across multiple products, inconsistent license validation and fragmented integrations arose. This began impacting reliability, enforcement accuracy, and support efficiency.
To address this, a hybrid licensing model was implemented, combining a centralized validation server with cryptographically signed offline license files. This unified, tamper‑resistant license validation ensured consistent validation across environments.
Online activation is handled through API‑based validation, while offline activation relies on locally verifiable signed license files using embedded public keys ensuring reliable license verification without dependency on constant connectivity.
Cross‑platform SDK integration standardized license validation logic across desktop and web applications. Additional controls - including device binding, license expiry enforcement, and controlled license transfer workflows ensured secure and consistent enforcement across both connected and restricted environments.
The Concept
Centralized Licensing Control With Dual Validation
The system is built on a centralized licensing control model that separates application execution from licensing decisions. Access control logic is managed externally through a unified licensing service exposed via APIs and SDKs.
The system uses a dual-validation approach. Online validation enables real-time license verification through secure API calls for enforcement and usage tracking. Offline validation relies on cryptographically signed license files, which are verified locally using embedded public keys, allowing operation without connectivity.
Both validation modes function within a single licensing framework, ensuring secure, scalable enforcement across distributed applications.
Challenges We Addressed
Scaling Required Control Over Mappings, Lifecycle, Roles & Performance
Complex Many-to-Many License Relationships
Managing relationships among customers, products, licenses, and devices became increasingly difficult at scale. This resulted in inconsistent mappings and higher operational overhead.
License State Lifecycle Control
Frequent state changes across active, expired, and revoked licenses created risks of invalid or conflicting transitions. This impacted licensing reliability and audit accuracy.
Role-Based Access Control for Admin Operations
Multiple admin roles with distinct responsibilities increased the risk of overlapping permissions and unauthorized access to sensitive licensing operations.
High-Performance Data Grids with Inline Operations
Large license datasets caused slow rendering and reduced responsiveness in grid operations such as filtering, searching, and inline updates.
Our Solutions
Hybrid Validation + Governance For Consistent Enforcement
A hybrid licensing model standardized validation across environments while eliminating inconsistencies between online and offline activation.
Normalized License Entity Mapping Layer
License associations between customers, products, and devices were becoming increasingly inconsistent and difficult to manage as the system scaled. We eliminated inconsistent and conflicting license mappings across customers, products, and devices by enforcing system-level validation rules.
IMPACT: Eliminated duplicate and conflicting license mappings across all entities.
Controlled License State Management
Uncontrolled or invalid transitions between license states were causing inconsistencies in lifecycle tracking, particularly across active, expired, and revoked states. Our experts eliminated invalid license state transitions across lifecycle operations.
IMPACT: Removed invalid state transitions across license lifecycle operations.
Role-Based Access Control for Admin Operations
As the system expanded, multiple administrative roles increased the risk of overlapping permissions and unauthorized access to sensitive licensing operations. Our experts implemented a centralized role-based access control system where every admin action is explicitly permission-gated at the API level.
IMPACT: Eliminated unauthorized admin actions through strict API-level permission enforcement.
Optimized Data Grid Handling with Inline Operations
Large-scale license datasets caused performance bottlenecks in the admin dashboard, especially during filtering, searching, and inline updates. We optimized data handling by switching to server-side pagination and ensuring inline updates target only modified records, rather than reloading full datasets.
IMPACT: Handled 100K+ records with no UI performance degradation
This architecture enabled reliable offline operation, eliminated client-side trust dependencies, and supported scalable, multi-product integration via an API-first approach. It enables multi-product integration through an API-first design while allowing updates to licensing logic without redeployment.
Why This Licensing Architecture Works
Secure Enforcement With Offline Resilience
Hybrid licensing combines cloud API control with cryptographically signed offline validation. This ensures secure enforcement, real-time governance, and resilience during outages.
- Combines real-time online validation with secure offline verification
- Ensures tamper-proof enforcement using asymmetric cryptography
- Enables centralized control without continuous connectivity
- Supports scalable multi-product integration via APIs and SDKs
- Eliminates fragmented licensing logic across applications
- Maintains consistent license state management across environments
This model delivers a unified licensing system that remains secure, scalable, and fully operational across both connected and offline environments.
Screens From the Live Build
Surfaces We Designed & Engineered Into Production
Selected moments from the shipped Soraco licensing platform the surfaces where license issuance, activation, enforcement, and administration come together across web dashboards and integrated workflows.
Main Features & Functionalities
Designed For Secure Licensing Operations
- License Generation, Activation & Validation: Uses asymmetric cryptography with a hybrid validation model to ensure tamper-proof and consistent enforcement across environments.
- License Models & Lifecycle Management: Supports trial, subscription, and perpetual licenses with controlled state transitions (active, expired, revoked) for reliable lifecycle enforcement.
- Device-Based License Binding: Binds licenses to specific machines using hardware-based fingerprints, preventing unauthorized reuse across devices.
- Feature-Level Access Control: Controls application functionality through embedded feature flags, enabling or restricting access without code changes.
- Admin Portal & License Operations: Provides a centralized web portal to manage license creation, activation, deactivation, and tracking across customers and products, with built-in notification workflows.
- Usage Tracking & Audit Logs: Captures license activity, including activations and usage patterns, with detailed audit logs for full traceability.
- API-Driven Licensing System: Exposes centralized APIs for license issuance, activation, and validation, enabling seamless integration across multiple products.
- E-Commerce Integration: Automatically generates and delivers licenses after successful transactions, linking purchase events directly to license issuance.
- Import & Migration Support: Supports importing existing licenses and customer data from legacy systems without requiring reissuance.
- Cross-Platform Support: Ensures consistent license validation and enforcement across desktop and web applications.
Technologies and Tech Stack We Used
Tools Chosen For Scale & Validation Speed
C# · .NET 6
Core licensing services, validation logic, and lifecycle operations.
Angular 7
Admin portal experience with high-volume grid operations.
Telerik Kendo · Angular Material · Bootstrap
Reliable components for fast data grids and management workflows.
Asymmetric crypto · RBAC
Tamper-proof offline validation with strict permission gating.
Testing & Quality Assurance
Validated For Accuracy, Reliability & Protection
Automated test suites were implemented for API validation and state transitions. Load testing was conducted to validate performance under concurrent activation requests.
- License workflow testing to validate generation, activation, and renewal processes
- API endpoint testing for accurate request-response handling
- Online and offline activation testing for reliable validation
- License state validation to prevent invalid transitions
- Data integrity checks across the database, API, and UI layers
- Audit log verification for accurate tracking of system actions
- UI interaction testing for correct data rendering and updates
- Data grid testing for filtering, sorting, and pagination accuracy
- Cross-platform testing for consistent license enforcement behavior
- Security validation for invalid keys, duplicate activations, and access control
Our Approach & Development Timeline
Phased Delivery Across 12 Months
The implementation followed a phased delivery approach across backend, frontend, and integration layers. The goal was to build a stable foundation first, then incrementally add functionality, integrations, and controls without disrupting earlier work.
Requirement Analysis
System Definition & validation model specification.
Core Backend Development
Validation services, APIs, and lifecycle workflows.
Web Application Development
Admin dashboard and operational controls.
Desktop Tools & API Integration
SDK-based standardization across products.
Data Integrity & Security Implementation
RBAC, governance, and enforcement hardening.
Testing, Optimization & Deployment
Load testing, optimization, and production release.
Outcome or Measurable Results
Production-Grade Reliability At High Activation Volumes
The project delivered significant improvements in system performance, scalability, and licensing reliability. It enabled consistent enforcement across environments while reducing operational overhead and support dependency.
Accurate license-to-user mapping across all transactions
reduction in licensing-related support requests compared to the legacy system
supporting multiple products and license types
revocation and updates across all connected instances
Overall, the system eliminated inconsistent license enforcement and established a scalable, reliable validation framework across all environments.
