How it works
The control plane issues a signed license with plan, workspace, Runtime Slot allowance, expiration, grace, and key id.
The install token activates one runtime deployment and binds it to a workspace and slot allowance.
The runtime validates the license locally and reports heartbeat metadata without sending call media.
A local agent renews the signed lease while the subscription and registry access are active.
Runtime behavior
ActiveRuntime can start, validate the signed lease locally, and pull allowed stable updates.Offline windowRuntime keeps operating until the signed expiration if the license service is temporarily unreachable.GraceRuntime enters grace after expiration and surfaces operator warnings before stopping new activations.ExpiredRegistry access and license renewal stop. Customer data remains in customer infrastructure.Local verification
Licenses are signed by Aywa's license service and validated locally by the runtime. Each lease includes a key id so verification keys can rotate without changing the customer deployment.
Fair enforcement
License enforcement focuses on activation, updates, and signed runtime authorization. Customer configuration, call data, recordings, and provider secrets remain in the deployed infrastructure.
Token types
Install token
Short-lived, one-time deployment credential used by the installer to activate a runtime deployment.
Registry token
Short-lived pull credential for signed runtime images and updates.
License lease
Signed runtime authorization that can be validated offline until expiration.
Runtime API key
Customer-owned key for private API access to the deployed runtime.