LicenseMarket
Beta

Your Professional
Software Marketplace.

Automate your software sales, manage licenses with LicenseGate, and scale your business with a built-in affiliate engine.

Get Started Now Explore Live Demo

Why Choose LicenseMarket?

LicenseMarket isn't just a script; it's a complete ecosystem designed to let you focus on what matters: Building your software.

  • Developer Friendly

    Clean PHP 8.2+ code, PSR-12 compliant, and easy to extend with your own logic.

  • Zero Dependencies

    Runs on any standard web hosting. No complex Node.js or Docker setup required.

  • Lifetime Value

    Buy once, use forever. No monthly subscriptions, no hidden fees.

Ready for Growth

Whether you're selling a single plugin or a massive SaaS suite, LicenseMarket handles the heavy lifting of licensing, billing, and affiliate management.

100%

Automated

0€

Monthly Fees

Fee Calculator

Calculate Your Savings

See how much revenue you keep by hosting your own licensing platform.

Gumroad Fees (10%)

$6,000 / yr

LemonSqueezy (5% + $0.50)

$3,240 / yr

LicenseMarket

$29 (One-time)

Your Yearly Savings: $5,971*

*Based on competitor transaction fees compared to a single one-time purchase of LicenseMarket. Excludes Stripe/PayPal merchant processor fees.

Enterprise Features

Designed for performance and ultimate reliability.

LicenseGate Automation

Instant key generation and remote validation via LicenseGate.io. Zero manual effort for you and your customers, with fully automated subscription renewal cron checks.

Affiliate Dashboard

Recruit promoters and manage commissions. Full dashboard for partners to track their sales, refer cookies, and request payouts.

Bundles & Flash Sales

Maximize conversions by setting up product bundles and limited-time flash sales with integrated countdown timers and dynamic discounts.

Advanced Security Stack

Fortified with Time-based One-Time Passwords (2FA/TOTP) for secure login, secure JWT cookies, and strict JTI blacklist validation.

Mollie & Multi-Payment

Support Stripe, PayPal, manual Bank Transfers, and now Mollie (iDEAL, Sofort, EPS, credit cards) with full cryptographically-verified webhook safety.

Live Visual Editor

Edit landing page texts, titles, descriptions, and CTA buttons visually and instantly on the page and save them to the database in real-time.

PDF Invoices

Automated, legally compliant PDF invoices generated instantly upon purchase. Fully localized and sent directly to customers.

Multi-Language

Fully translated interfaces with built-in localization (i18n). English and German included out of the box with custom translation editor.

Knowledge Base

Built-in support articles and FAQs to reduce support tickets and help your customers resolve questions instantly.

Impersonation Mode

Sign in as any customer with a single click from the admin dashboard to debug licensing issues, download resources, or update keys.

License Request Audits

Keep track of active IPs, request headers, validation history, and verification attempts for every license key with clean audit logs.

Advanced Sales Analytics

Gain deep insights into your revenue streams, average order values, and conversion rates with beautiful integrated charting dashboard.

GDPR Anonymization

Fully compliant with GDPR Art. 17 (Right to Erasure). Allows users to delete accounts by securely purging personal keys and data, while keeping anonymized order logs intact for tax compliance.

EU Consumer Protection

Built-in German "Button-Lösung" (§ 312y BGB) compliance. Unregistered users can cancel active subscriptions via a public email-verified cancellation form.

Stop Overpaying in Fees

Why give away 5-30% of your revenue to marketplaces?

Platform Monthly Fees Transaction Fees Data Ownership
Gumroad / Others 0€ - 29€ Up to 10% Limited
LicenseMarket 0€ (One-time) 0%* 100% Yours
*Excluding standard payment processor fees (Stripe/PayPal) which you pay everywhere.
System Architecture

Built for Scale & Security

A high-performance, modular system architecture with zero bloat.

API
Robust MVC Backend

Powered by PHP 8.2+ with a single entry point router. Includes secure JWT token middleware, JTI blacklisting, and rate limiting stack for brute force protection.

SPA
Vanilla JS Frontend

A blazing-fast Single Page Application with client-side routing, dynamic multi-language localization (i18n), cookie consent banner, and accessibility controls.

GATE
LicenseGate Service

Integrates with LicenseGate.io to handle remote license verification, active IP tracking, request logging, and daily automated expiration checks.

DB
Relational Database

Structured on MySQL/MariaDB using InnoDB. Employs cascading foreign keys to ensure absolute data consistency and transactional integrity.

Data & Request Flow
Frontend SPA

Vanilla JS Router

Middlewares

JWT / Rate Limiter

App Controllers

Business Logic

InnoDB Engine

Cascading Storage

Server Compatibility

Requirement Minimum Recommended Purpose
PHP Version 8.2 8.3+ Modern execution runtime, type-safety, and security.
Database MySQL 5.7 / MariaDB 10.3 MariaDB 10.6+ InnoDB transactional storage Engine with relational foreign key cascading.
PHP Extensions PDO, openssl, curl PDO, openssl, curl, bcmath, zip BCMath is required for secure Stripe payments. Zip is used for database backups.
Web Server Apache / Nginx Nginx URL rewriting rules redirecting requests through router frontend.

Premium Dashboard Experience

Full control for you, ultimate convenience for your customers.

Admin Dashboard
Admin Dashboard
For Administrators

Master Your Marketplace

Our powerful admin panel gives you a birds-eye view of your entire business. Track revenue, manage licenses, and support customers from a single interface.

  • Real-time Revenue Charts
  • Instant License Revocation
  • User & Order Management
For Customers

Stunning User Dashboard

Provide your customers with a world-class experience. A clean, intuitive area to download software and manage their keys.

  • Instant Product Downloads
  • Secure Key Display
  • Support Ticket Integration
User Dashboard
User Dashboard

3-Step Installation

1
Upload Files

Simply upload the project files to your web server via FTP or File Manager.

2
Setup Database

Create a MySQL database and update the database configuration file with your credentials.

3
Instant Launch

Navigate to your domain and start configuring your store. No complex installation scripts required.

Trusted by Developers Worldwide

"The LicenseGate integration is a game-changer. My entire licensing flow is now 100% automated."

— Alex R., Senior Dev

"Best marketplace script I've used. Clean code and super easy to customize to my brand."

— Sarah K., SaaS Founder

Simple Pricing

One-time payment for a lifetime of software sales.

Secure Payment
Free Updates
Verified Script
SALE -35%

Starter

12€ 19€
  • 1 Domain License
  • Core Automation
  • Ticket Support
Purchase Now
LIMITED SALE -40%

Professional

29€ 49€
  • Unlimited Domains
  • Removal of Branding
  • Affiliate Dashboard
  • Priority Support
Instant Access
CURRENTLY UNAVAILABLE

Full Source

59€ 99€
  • Everything in Pro
  • Full Source Code
  • Resell Rights Included

Frequently Asked Questions

Find answers to technical and operational questions about the script.

Yes, absolutely. LicenseMarket is a one-time purchase. Once you buy a license, you can host the script on your own servers forever with no recurring fees.

LicenseMarket requires PHP 8.2 or higher, a MySQL database (5.7+), and standard web hosting (such as Apache or Nginx) with URL rewriting enabled.

Yes! Through Stripe, PayPal, or Mollie integrations, you can easily offer recurring subscription products alongside lifetime purchases.

No, you can add as many products, subscriptions, and payment links as you want. The system scales with your business.

LicenseMarket supports Stripe (Credit Cards, Apple Pay, Google Pay, SEPA), PayPal, manual Bank Transfers, CoinPayments (Bitcoin & Cryptocurrencies), and Mollie (supporting iDEAL, Sofort, EPS, and European debit/credit cards).

Yes, with a Professional or Reseller license, you can remove all "Powered by" references and use your own branding.

Yes, all customers receive free lifetime updates. When a new version is released, you can simply download the new files from your dashboard.

Due to the nature of digital products and the inclusion of full source code, we generally do not offer refunds. However, if you encounter technical issues we can't solve, we'll find a solution.

Yes! LicenseMarket features a built-in visual live editor for administrators. Simply log in to your admin account, navigate to the landing page, click "Seite bearbeiten" on the floating live-editor toolbar, edit all titles, subtitles, and buttons inline, and click save to apply it globally!

You can recruit affiliates who get a unique referral link. When someone buys through their link, they receive a percentage commission (configurable in the admin panel).

No, LicenseMarket is 100% open source. You receive the clean PHP source code to inspect, modify, and host. There are no compiled files, zero dependencies, and no remote call-homes for script licensing.

Yes. The licensing controller supports domain wildcards (e.g., *.example.com) and strict IP limits (ipLimit). Activations are logged in the database, and the verification endpoint returns a validation error if a client request comes from an unregistered IP or exceeds the configured limit.

If you choose not to use the external LicenseGate API, LicenseMarket automatically switches to a standalone offline key generation mode. Keys generated in this fallback mode are prefixed with LM- and checked against your own local MySQL database tables rather than remote endpoints.

When a customer leaves the checkout flow, the system records a pending cart. If the checkout remains inactive for more than 2 hours, the cron job flags it. If the customer's email is known, the system automatically triggers a personalized recovery email containing a direct checkout link with a dynamic discount code.

The system implements an unauthenticated public cancellation portal at /subscriptions/public-cancel. Customers enter their subscription ID and email to request a cancellation. The system validates the details, sends a confirmation link via email, and securely cancels the subscription, fully meeting strict European consumer protection laws.

The client integration employs a signed JWT caching mechanism with local fallback. Client applications can verify licenses offline using public-key cryptography and allow a configurable grace period (e.g., 7 days) before requiring a successful server validation, ensuring maximum uptime.

When a user triggers User::gdprDelete(), their account is anonymized rather than deleted. Personal details (names, billing addresses, tax IDs, IP addresses) are replaced with dummy labels, and 2FA secrets are purged. This removes all personal identifiable information (PII) while preserving historical transaction amounts and invoice numbers required for tax audits.

Webhook controllers use database transactions wrapped with row-level locks (SELECT ... FOR UPDATE). When a payment provider sends duplicate or rapid successive webhook notifications, the database locks the order record. Subsequent webhook requests are held until the first transaction completes, preventing duplicate key generation.

Impersonation Mode uses a cryptographically signed one-time token. When an admin clicks the button, the system logs the session transfer, assigns a secure temporary authentication state, and records the admin's original session ID. This prevents unauthorized privilege escalation and ensures clean audit logging.

Instead of trusting the payload data sent in the webhook request, LicenseMarket's Mollie controller ignores external payment states. It extracts only the payment ID, then makes a direct, secure HTTPS request to Mollie's official API endpoints to fetch the status, ensuring webhooks cannot be simulated.

The cron script (cron_check_licenses.php) executes daily tasks: it updates active subscription durations, flags expired accounts, sends email reminders, and cleans the JTI database table by deleting all expired JWT tokens. This keeps the database lean and prevents verification performance degradation.

All core database tables are strictly designed using the MySQL/MariaDB InnoDB engine. This supports foreign key constraints with cascading operations (ON DELETE CASCADE / ON UPDATE CASCADE) and transaction safety (ACID), ensuring that user profiles, orders, and invoice logs never enter an inconsistent state.

Download links use a 32-byte cryptographically secure random token that expires in 15 minutes, is locked to the specific user's license, and is marked as used once consumed. Additionally, the system enforces configurable download limits, logs each download's IP address and User Agent, and uses strict path canonicalization to prevent path traversal attacks.

The referral cookie (ref_code) lasts for exactly 30 days after a user visits through an affiliate's link. If they purchase any product within this 30-day window, the affiliate is automatically credited.

The script supports Time-based One-Time Passwords (TOTP) following the RFC 6238 standard. Users and admins can secure their accounts using standard authenticator apps like Google Authenticator, Authy, or 1Password.

You can create custom coupon codes in the admin panel with support for percentage or fixed-amount discounts. Coupons can be restricted by minimum order value, start and expiration dates, and maximum total usage limits.

Bundles allow you to package multiple products together at a discounted price. When a customer purchases a bundle, the system automatically creates separate licenses and download permissions for each individual product within that bundle, allowing the user to manage them separately.

Yes, when a customer opens a support ticket or sends a reply, the system automatically triggers email notifications to administrators and, if configured, posts instant alerts to a Discord channel via the Discord Webhook service.

Profile modifications are strictly protected. Password updates require validation of the user's current password and must be at least 8 characters. Changing an email automatically generates a new secure JWT token and triggers notification alerts to both the old and new email addresses to prevent account takeover.

The administrator panel features a memory-safe, purely PHP-based database backup engine. Unlike standard dump utilities, it fetches rows iteratively to prevent memory exhaustion, ensuring it works reliably even on shared hosting environments with restricted PHP settings.