How to not expose my license key in the client side? (browser)

Hi Gabor,

Greetings from Syncfusion support.

We also have a way to register the license key using the npx command. If you suspect that your license key will be exposed while registering it in the main.ts file, we suggest you to register the license key using npx command. We have provided the support, registering the license key using npx command in volume 2 2022 release (v20.2.0.36).

Please refer to the below documentation for registering the license key using npx command,

https://ej2.syncfusion.com/react/documentation/licensing/license-key-registration/#register-syncfusion-license-key-using-the-npx-command

Please get back to us if you have any queries.

Regards,
Ragunath S

Hi Ragunath,

Many thx for the answer. 

It is definitely a great help to have the license code in separate file or in the environment, this solves the problem how to not check it into git, so the license will not exposed to the source control.

I've read the documentation link, you pointed, what is not clear for me, what kind of  "trick" will do the

npx syncfusion-license activate

I mean, a) will it then only check the valid license _build_ time, so the webpacked site will not contain any license related secret, or b) it will embed the key somehow to the final webpacked result, so the site still will check it runtime, when the browser are using the SPA.

Hi Gabor,

The npx command will encrypt the license key and include it in the build, then the site will check the key in the runtime. So, it won't be exposed in the client end.

Please get back to us if you have any queries.

Regards,

Ragunath S

Thanks for the info on what the npx command does. I assume this validation happens in the browser when the site is loaded without any explicit code written in `main.ts` or anywhere else in the SPA.

However, when we tried to run the npx command, it throw an error. Had the package been removed from npm repo?

% npx syncfusion-license activate
npm ERR! code E404
npm ERR! 404 Not Found - GET https://registry.npmjs.org/syncfusion-license - Not found
npm ERR! 404 
npm ERR! 404  'syncfusion-license@*' is not in this registry.
npm ERR! 404 
npm ERR! 404 Note that you can also install from a
npm ERR! 404 tarball, folder, http url, or git url.

Hi Chandana, 

We understand that you are experiencing difficulties with license registration. Upon thorough validation of the reported scenario, we would like to inform you that Syncfusion-license activation is still available and has not been removed from the registry. We have not been able to replicate the scenario you are facing with license registration.

Additionally, we suspect that our register license command is being attempted to call before installing node_modules in the application. This scenario can lead to the issue you reported. To assist you further, we have listed the steps to follow for registering the license using environment variable:

Step 1: Delete @Syncfusion from node_modules directory and clear npm cache:  npm cache clean --force.

Step 2: Ensure that you use the same major version for all our Syncfusion packages in the package. json.

Step 3: Install the packages. Make sure the node_modules are generated.

Step 4: Now set the variable `setx SYNCFUSION_LICENSE "replace your specific license key for the appropriate version"`.

Step 5: Once you have set the SYNCFUSION_LICENSE environment variable, restart the IDE or application terminal before using the license activation command.

Step 6: Now call the command `npx syncfusion-license activate`.

Success message: Syncfusion License imported successfully.
 

If you are using a license text file for regitration, you can skip steps 4 and 5 and replace the license key in the text file. We hope this information helps. If the issue still persists, kindly reach out to us again. We are here to help.

Regards,

Mohamed Imran T