License Management¶

Privitty Edge requires an active license for encrypted send operations — file transfer, access revocation, and Privitty handshakes. Read-only and infrastructure calls work without a license.

What requires a license¶

Allowed without license	Requires license
`GET /health`	`privitty_send_file`
`get_config`, `get_info`, `get_connectivity`	`privitty_send_group_file`
`get_chatlist_*`, `get_messages`	`privitty_revoke_file_access`
Plain `send_msg` (text)	Privitty handshake methods
`secure_join`, `invite`

Obtain a delivery URL¶

Your administrator generates a license in the Privitty admin portal. You receive a delivery URL like:

https://plm.privittytech.com/v1/license/TOKEN123

The exact hostname comes from your portal — use the URL as provided.

Activate at container start (recommended)¶

Pass the URL when starting the container — one command, no restart:

docker run -d \
  --name privitty-edged \
  -e PRIVITTY_PROFILE=gateway01 \
  -e PRIVITTY_LICENSE_URL="https://plm.privittytech.com/v1/license/TOKEN123" \
  -p 127.0.0.1:7200:7200 \
  -v privitty-data:/var/lib/privitty \
  privitty/edge:latest

Startup order¶

On first boot the daemon:

Prepares the accounts volume (chown to UID 1000 on Docker Desktop)
Initializes the Delta Chat accounts directory
Stores the device fingerprint
Activates the license from PRIVITTY_LICENSE_URL (if privitty.lic is absent)
Provisions the gateway account with the relay
Loads the license and starts the HTTP server

If privitty.lic already exists in the volume, activation is skipped (safe on restart).

Activate on a running container¶

If the daemon was started without PRIVITTY_LICENSE_URL:

docker exec privitty-edged \
  privitty-edge --accounts /var/lib/privitty \
  license activate "https://plm.privittytech.com/v1/license/TOKEN123"

docker restart privitty-edged

The daemon loads the license only at startup, so a restart is required after late activation.

Check status¶

docker exec privitty-edged \
  privitty-edge --accounts /var/lib/privitty license status

Status	Meaning
`active`	All send operations permitted
`grace_period`	Expired but within grace window — renew soon
`expired`	Send operations blocked
`no_license`	No license file found

At startup, the daemon logs license status to stderr when loaded successfully:

[privitty-edged] License: active (id=…, type=…, max_devices=…)

Sync (recommended)¶

Run periodically to refresh the local copy and report device usage:

docker exec privitty-edged \
  privitty-edge --accounts /var/lib/privitty license sync

Cron example (daily at 03:00):

0 3 * * * docker exec privitty-edged privitty-edge --accounts /var/lib/privitty license sync

Deactivate¶

Release this device's seat when decommissioning hardware:

docker exec privitty-edged \
  privitty-edge --accounts /var/lib/privitty license deactivate

The local license file is retained for inspection but the device seat is released on the server.

Error when license is missing¶

Gated API calls return JSON-RPC error -32001:

{
  "error": {
    "code": -32001,
    "message": "Privitty license required: status is 'no_license'. …"
  }
}

Handle this in your integration layer and alert operators to renew. See Example E · License.

Files on disk¶

File	Purpose
`privitty.lic`	License JWT
`device.uuid`	Stable device identifier
`license_server.txt`	License server base URL (derived from delivery URL)
`activation.json`	Activation metadata

All live under PRIVITTY_ACCOUNTS (default /var/lib/privitty). Back up with your volume snapshots.