$ feature / commerce

Sales to license keys, end to end.

You don't have to write a backend to fulfill licenses. Connect Stripe or Lemon Squeezy, map a product to a license configuration, and AuthForge issues a key when payment succeeds and emails it to the buyer. Refunds revoke the license. Disputes pause it. Every step is signed, auditable, and replayable.

Stripe

Connect your Stripe account from Commerce → Stripe. Pick which products map to which AuthForge license configurations (key prefix, seat count, expiration policy). Set up the webhook URL Stripe gives you back; AuthForge automatically subscribes to checkout.session.completed, charge.refunded, charge.dispute.created, and enough other events to handle the whole lifecycle.

Once a checkout completes, AuthForge issues the license, optionally sends a templated email (with your branding, attached to your sending domain via AWS SES verification), and emits a license.created webhook to anything else you have listening. No buyer-side delay; the license appears on your customer portal in under a second.

Lemon Squeezy

Same model as Stripe but routed through Lemon Squeezy's merchant of record. Mapping is the same: pick a Lemon Squeezy product, map it to an AuthForge license configuration, copy the webhook URL into your Lemon Squeezy dashboard. Useful if you're selling to international customers and don't want to deal with VAT collection yourself; Lemon Squeezy acts as the merchant of record and remits taxes for you.

Provider webhook verification

Both Stripe and Lemon Squeezy sign their webhook deliveries. AuthForge validates those signatures on every incoming event before doing anything stateful, using the secret you registered when you connected the provider. This means a forged webhook can't spoof a payment or an over-refund; the signature check fails and the request is dropped without touching your license inventory.

Replay tooling for failed events

Sometimes a commerce event needs to be reprocessed: a Stripe checkout that fired before your AuthForge integration was live, a duplicate event whose handler crashed mid-write, a dispute that resolved in your favor and needs to reactivate a revoked license. The Commerce → Events page lists every event AuthForge ever received from your providers, with its status (delivered, failed, replayed, dropped) and a one-click replay button. Replays are idempotent on the event id, so re-running an already- successful event is a safe no-op.

Affiliate program (paid in credits)

AuthForge has a built-in affiliate program. You don't need a third-party tool. Affiliates sign up, get a referral link, and any signup that comes through that link is attributed to them. When the referred account spends money on credits, the affiliate earns a configurable commission, paid in AuthForge credits deposited straight into the affiliate's own account.

Why credits and not cash? Because the most common affiliate for AuthForge is another developer who's already validating their own users on the platform; commission paid as more validation runway is direct, tax-simple, and immediately useful. Cash payouts are also available for affiliates who specifically request them; ping affiliates@authforge.cc .