Entitlements API

A server-to-server endpoint to read a customer's current tier. Use it to gate features without trusting client state, or to reconcile if a webhook was missed.

Request

GET /v1/entitlements?app=lixblogs&uid=u_123
Authorization: Bearer <ELIXPO_PAY_API_KEY>
# or:  X-Elixpo-Pay-Key: <ELIXPO_PAY_API_KEY>

Authenticate with your app's secret key (the pay_sk_…shown once on app creation). It's SHA-256 compared server-side — keep it server-only.

Response

{
  "app": "lixblogs",
  "uid": "u_123",
  "tier": "member",
  "status": "active",      // active | expired | revoked | none
  "active": true,          // computed against expires_at for you
  "expires_at": "2026-07-16 12:00:00",
  "version": 3
}

A customer with no entitlement returns a safe default:

{
  "app": "lixblogs",
  "uid": "u_999",
  "tier": "free",
  "status": "none",
  "active": false,
  "expires_at": null,
  "version": 0
}

Notes

• active is the field to gate on — it already accounts for expiry.
• Responses are no-store; always reflect the latest grant.
• A missing or wrong key returns 401; an unknown app returns 404.