About License Keys

To develop and commercialize solutions using Samsung Enterprise Alliance Program (SEAP) SDKs, you need to activate license keys in your app.

Overview

License keys ensure that only authorized apps may call APIs from the SDKs available through the Samsung Enterprise Alliance Program (SEAP). They prevent malicious attempts to compromise your data and systems.

Get Started

1. Obtain development key for an SDK

In the development phase of your app, you need to obtain a development license key for the SDK you would like to use. To obtain keys, you must be enrolled as a SEAP developer or partner.

Development license keys:
• Permit access to all Knox permissions for free
• Have a limited lifetime
• Have a limited number of seats, or unique activations

When you are ready for commercial deployment, you can obtain a commercial license key that can scale to as many customers as you require but you must be enrolled as a SEAP partner in order to generate commercial keys.

The following table explains which development keys to use for which SDKs:

SDK License key Description No. unique activations Valid Period Maximum no. licenses How to obtain
Knox SDK,
Knox Tizen SDK for Wearables
KPE1 Development Access full permissions for development purposes. Developer: 10
Partner : 30
Developer: 3 months
Partner: 6 months
1 Get license key
Backwards Compatible Key2 Allows backwards compatibility with devices running Knox v2.7 or earlier. Activated in addition to the KPE license key.

In development, it is optional with both the Knox SDK and Knox Tizen SDK for Wearables.
Unlimited Unlimited 1 Get license key
Attestation REST API Necessary if you are using the Attestation feature of the Knox SDK and Knox Tizen SDK for Wearables. N/A N/A 1 Get REST API
Enterprise Firmware Over-The-Air (E-FOTA) E-FOTA REST API Access E-FOTA services. N/A N/A 1 Get REST API

1. Knox Platform for Enterprise (KPE) is a commercial Knox product that provides permissions to access government-grade security and management features of the Knox on-device platform. See 4. Obtain commercial key
2. The backwards compatible key is generated a single time and may be used with an unlimited number of KPE license keys. It is used for commercial deployments as well.

Note: The Samsung India Identity SDK and the Samsung EDU SDK use a license key called the Enterprise License (ELM) key. Please request one via the Samsung India Identity SDK page or generate one for the Samsung EDU SDK.

2. Build your app

After obtaining your Development license key, you need to prepare your app to activate it.

a. Declare permissions in your app’s manifest file. Different APIs require different permissions. For a full list of permissions, see Full List of License Permissions.

b. Create a device admin receiver class to access Knox permissions. See Set up Device Admin for an implementation example.

c. Create a license receiver class to handle license activation requests. See How to use license keys for an implementation example.

If you are...

Using a device-based SDK (ex. Knox SDK, Knox Tizen SDK for Wearables)

You activate your license through MainActivity.java. See How to use license keys for implementation details.

Using a web service (ex. E-FOTA)

Your web script includes the license with every REST API call. See How to use license keys for implementation details.

If you need to support device-based SDKs on devices running Knox 2.7 or earlier, you activate the backwards compatible key alongside a license key. See How to use license keys for more information.

d. Build the rest of your app’s logic. Our SDKs provide numerous APIs to help you create your app.

3. Activate the license

To receive authorization to call APIs, you need to activate your license key in your app using a license activation API. You can find the code on How to use license keys.

You may now run your app to activate a license key. The license activation process consists of three steps.

1. Activation Request
After the activateLicense() API is called, an activation request will be delivered to the Samsung License server via the license agent. The request contains information about the license key, app, and device.

Note: Once activated, a license will remain activated for a device until the deActivateLicense() API is called.

2. Validation
When the license key is checked by the license server, the license server also validates the app’s public key hash and package name to determine if the given license key can be activated. For this reason, you must associate your app with your license key (See Step 5).

Note: App association is only required for commercial and trial license keys. You do not need to associate your app with development license keys.

3. Permission grant
If the validation step passes, the permissions requested in the app’s manifest file are granted. The app may now access those permissions at runtime. Granted permissions are only available to the app.

Note: If you do not activate the backwards compatible key on a device running Knox 2.7 or earlier, the license key activation itself may succeed but no permissions will be granted.

Network connectivity
Devices need network connectivity to activate licenses with our web-based license server.

License Revalidation
The license server periodically revalidates the license on the device. If validation fails, all device permissions are revoked.

In the case of per-seat licenses, if a device has not been validated with a license server in 60 days or more, the license server will deactivate the license on the device and free the license seat. This helps to recover licenses from broken, compromised, or unused devices.

Inactive License Modes
There are three possible inactive license modes:

  • Inactive – If a license key has not yet been activated.

  • Expired – If the license has expired, validation fails and permissions are revoked.

  • Terminated – If the license is no longer active, validation fails and permissions are revoked. Only Samsung can terminate a license.

  • Revoked – If a license is deactivated, permissions are revoked.

Inactive Device Modes
There is one inactive device mode:

  • Deactivated – If the device is deactivated by calling the deActivateLicense() API, permissions are revoked. The license seat is freed in the case of a per-seat license key. In the case of a per-device license key, there is no change. The device is automatically deactivated if the app is removed on the device.

4. Obtain commercial key

Once you have finished developing your app, you can deploy it commercially by obtaining commercial license keys. You can obtain as many license keys as you need to scale your app. You must be a SEAP partner to register license keys onto the SEAP website, which is a necessary part of the license process.

If you would like to obtain a commercial key with standard permissions, you can generate one from SEAP. If you would like to obtain a commercial key with premium permissions, you can purchase it from a Knox reseller and then register it on SEAP.

The following table explains which commercial keys to use for which SDKs:

SDK License Key Description #Unique Activations Valid period Maximum # of licenses How to Obtain
Knox SDK, Knox Tizen SDK for Wearables KPE Standard Accesses Standard permissions. Unlimited Unlimited 100 Get license key
  KPE Premium Paid key. Accesses Standard & Premium permissions. As many seats as you purchase Monthly, yearly, or perpetual Unlimited Buy from a Knox reseller
  Backwards Compatible Key1 Allows backwards compatibility with devices running Knox v2.7 or earlier. Activated in addition to the KPE license key.

Optional with the Knox SDK, but mandatory with the Knox Tizen SDK for Wearables.
Unlimited Unlimited 1 Get a license key
  Attestation REST API Necessary if you are using the Attestation feature of the Knox SDK. N/A N/A 1 Get REST API
Enterprise Firmware Over-The-Air (E-FOTA) E-FOTA REST API Accesses E-FOTA services. NA NA 1 Request from E-FOTA page

1. The backwards compatible key is generated a single time and may be used with an unlimited number of KPE license keys. It is used for commercial deployments as well.

5. Associate your app

Associating your app (Android or Tizen) with your commercial license key certifies your ownership over it. This prevents unauthorized users from using your license keys. Note that you do not need to associate your app with your development license key.

If you are...

Using a license key generated from SEAP

Associate your app:

On your Dashboard, associate your app via View my keys or get new ones > Associate a package

Using a license key obtained from a reseller

Register the license key and associate a package:

On your Dashboard, register the license key with your app via View my keys or get new ones > Register a license key

Troubleshooting

1. If you encounter license activation errors when you call the activateLicense() API, the errors will appear as an exception that you can catch and display. You can follow the possible fixes below. You can also find these error codes in the API Reference.

Error code Explanation & Solution
ERROR_NONE ERROR_NONELicense activation succeeded. No error.
ERROR_NULL_PARAMS A null parameter was passed into the license activation process. Ensure parameters are non-null
ERROR_NULL_PARAMS A null parameter was passed into the license activation process. Ensure parameters are non-null.
ERROR_SIGNATURE_MISMATCH The package signature of the app that requested the license activation does not match the expected package signature. Verify that you have associated your app on the SEAP website and that you are using the correct app.
ERROR_VERSION_CODE_MISMATCH The version code of the app that requested the license activation does not match the expected version code. Verify that you have associated your app on the SEAP website and that your app’s details are correct.
ERROR_UNKNOWN Unknown error. Check the developer forum or contact us for assistance
ERROR_INVALID_LICENSE The license to be activated was invalid. Check if you have entered the correct license key or if it is still active.
ERROR_INVALID_BINDING The application binding is invalid. Either the application product type does not match with the license product type or the application is not bound to the given license key. Check that you are using the correct application type and that you have associated it with the license key.
ERROR_LICENSE_TERMINATED The license has been terminated and may not be activated. You can obtain a new license key.
ERROR_LICENSE_DEACTIVATED The license has been deactivated and may not be activated again. You can obtain a new license key.
ERROR_LICENSE_EXPIRED The license is expired and may not be activated. You can obtain a new license key.
ERROR_LICENSE_QUANTITY_EXHAUSTED License seat quantity is exhausted. You can obtain more license seats.
ERROR_LICENSE_QUANTITY_EXHAUSTED_ON_AUTO_RELEASE License seat quantity is exhausted after automatic seat count release. The device was deactivated automatically due to 60 days without validation and the license quantity was exhausted at the time it tried to perform an automatic re-activation. You can obtain more license seats.
ERROR_INTERNAL Internal error. Check the developer forum or contact us for assistance.
ERROR_INTERNAL_SERVER Internal server error. Check the developer forum or contact us for assistance.
ERROR_NETWORK_DISCONNECTED ERROR_NETWORK_DISCONNECTED Your device is not connected to the network. Ensure that it is connected.
ERROR_NETWORK_GENERAL General network error. Check your network settings.
ERROR_USER_DISAGREES_LICENSE_AGREEMENT The end-user declined the license agreement. Ensure that they accept the EULA when it appears.
ERROR_INVALID_PACKAGE_NAME The package name of the application is invalid. Verify that your app is using a correct name and that you have associated it on the SEAP website.
ERROR_NOT_CURRENT_DATE Device time differs from server time by more than 1 month. Check your device time to ensure that it is the current time.

2. If your app was not granted the proper permissions, check which permissions are included in your license key and which permissions are declared in your app’s manifest file.

3. If you are unable to associate your app’s package file, check:

  1. If you correctly declared permissions in your app’s manifest file.

  2. If you are the unique owner of the app. If another vendor has already associated the app, then you will be unable to associate the same app.

4. If you encounter other errors, check the SDK API references (ex. Knox SDK API reference). Error codes for each class are explained on their respective pages.

5. If you have questions, you can join our community on the Developer Forum.

Next Steps

1. View Full list of License Permissions – See which permissions are available for use in your apps and which keys you will need to use them.

2. Get license keys – Obtain license keys that can be generated through the SEAP website.

3. FAQ – Check the faqs regarding licenses

4. Get started with the Knox SDK - Learn how to set up an app and activate a license with a device-based SDK.

5. Knox Tizen SDK for Wearables Developer Guide - Build solutions for Samsung wearable devices using the Knox Tizen SDK for Wearables.

6. Migrate your Knox 2.x app to 3.x – Learn how to migrate your app to the Knox SDK if you are using a legacy SDK (Standard, Premium, ISV, or Customization). You do not need to migrate if your app is already supported for Knox 3.x.

7. Contact technical support if you require further assistance

Join the Samsung Enterprise Alliance Program today to develop and distribute your B2B solution, and connect with the global Samsung community.

Learn more about the program