Skip to content
pageflare

License API

The License API lets you programmatically issue new license tokens and refresh existing ones. These endpoints are typically called by the Pageflare CLI during pageflare login and pageflare token refresh, but you can call them directly when building integrations.

Base URL

Section titled “Base URL”
https://pageflare.dev/_api

All license endpoints require an Authorization: Bearer <your-token> header. See Authentication for details.

Token format

Section titled “Token format”

License tokens are signed JWTs. They encode your account identity, license tier, and an expiration time. The CLI and API validate the signature on every request — you do not need to inspect the payload yourself.

A decoded token payload looks like this:

{
  "sub": "user_abc123",
  "email": "user@example.com",
  "tier": "pro",
  "features": ["spa_mode", "adaptive_sizing", "critical_css"],
  "valid_until": "2027-03-12T00:00:00.000Z",
  "iat": 1741776000,
  "exp": 1773312000
}
ClaimDescription
subYour Pageflare user ID
emailEmail address linked to the account
tierLicense tier: free, pro, or team
featuresArray of Pro/Team features enabled on this token
valid_untilLicense expiry (subscription end date)
expJWT expiry — refresh before this timestamp

POST /license/issue

Section titled “POST /license/issue”

Issue a new license token for the authenticated account. Use this to generate a token when setting up a new machine or CI environment.

Request

Section titled “Request”
POST /_api/license/issue
Authorization: Bearer <your-token>

No request body is required.

Response

Section titled “Response”

200 OK

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Store the returned token securely. The CLI writes it to ~/.config/pageflare/credentials.json. In CI, store it as a secret environment variable and pass it via the PAGEFLARE_TOKEN environment variable or the --token flag.

Try it

Section titled “Try it”
POST/license/issue
Request
Response
Click Send to make a request

Errors

Section titled “Errors”
StatusMeaning
401 UnauthorizedInvalid or missing token
403 ForbiddenAccount does not have an active license

GET /license/refresh

Section titled “GET /license/refresh”

Refresh an existing license token before it expires. This returns a new token with a refreshed expiry — the old token remains valid until its exp claim is reached.

Request

Section titled “Request”
GET /_api/license/refresh
Authorization: Bearer <your-token>

Response

Section titled “Response”

200 OK

{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

Replace any stored copy of the old token with the new one.

Try it

Section titled “Try it”
GET/license/refresh
Request
Response
Click Send to make a request

Errors

Section titled “Errors”
StatusMeaning
401 UnauthorizedInvalid or missing token
403 ForbiddenLicense is expired or has been revoked

Using tokens in CI

Section titled “Using tokens in CI”

Set the token as a secret in your CI environment and reference it via the environment variable PAGEFLARE_TOKEN:

Terminal window
# GitHub Actions example
- name: Optimize site
  env:
    PAGEFLARE_TOKEN: ${{ secrets.PAGEFLARE_TOKEN }}
  run: pageflare dist/ --output dist/

When PAGEFLARE_TOKEN is set, the CLI skips the credential file and uses the environment variable directly. This is the recommended approach for CI pipelines — do not commit tokens to source control.

To generate a long-lived CI token:

Terminal window
pageflare token issue

This calls POST /license/issue and prints the token. Copy the output and store it as a CI secret.