Version: 1.0.0
Code Heaven Developer API
Server-to-server API for Code Heaven plugin/theme vendors to validate and manage developer licenses, control per-domain activations, check for product updates, and obtain short-lived signed package download URLs.
Authentication
All requests authenticate with a vendor server-to-server API key passed in
the X-CH-Vendor-Key request header. This is the vendor (developer) credential
and is distinct from the buyer-facing OAuth flow. Keep this key secret and never
expose it in client-side code or end-user browsers.
Errors
Error responses share a common envelope:
{ "error": { "code": "license_invalid", "message": "The license key is not valid." } }
| HTTP | code | Meaning |
|---|---|---|
| 400 | invalid_request | Malformed or missing request parameters. |
| 401 | (unauthorized) | Missing or invalid vendor API key. |
| 403 | license_invalid | License is not valid for this operation. |
| 403 | expired | License has expired. |
| 403 | domain_not_activated | Domain is not activated for this license. |
| 404 | not_found | License or resource does not exist. |
| 409 | seat_limit_exceeded | Activation would exceed the seat limit. |
| 429 | rate_limited | Too many requests; retry later. |
Authentication
- API Key: VendorApiKey
Vendor server-to-server API key. Distinct from the buyer OAuth flow.
Security Scheme Type: | apiKey |
|---|---|
Header parameter name: | X-CH-Vendor-Key |
Contact Code Heaven Developer Support:
License Proprietary