You built a desktop app. You sell it through your WooCommerce store. A customer buys a license, gets a serial code in their order email — and then your app needs to check: is this code real, or did someone just type in a random string? To validate a license key via API from WooCommerce, you need your WordPress site to act as the validation endpoint. Here is exactly how that works with the Serial Codes Generator and Validator plugin.
Most WooCommerce store owners selling software, digital downloads, or hardware with activation codes run into the same wall. The sale goes through. The code gets emailed. But once the customer opens your app and types that key — nothing happens. Your app has no idea whether the code is valid, already used, or made up entirely.
The standard workaround is painful: build a custom backend service, host it separately, wire it to your WooCommerce database, handle auth, handle errors, keep it running. That is weeks of infrastructure work before you have written a single line of business logic.
There is a simpler path.
[SCREENSHOT: WooCommerce order email showing a serial code assigned to a digital product purchase]
The Serial Codes Generator and Validator with WooCommerce Support plugin does exactly what the name says — but the part most people overlook is the REST endpoint it exposes for external validation.
When a customer buys your product on WooCommerce, the plugin automatically assigns an unused code from your list and delivers it in the order email. That same code lives in your WordPress database, tracked with its status: active, used, or stolen.
Your external app — whether it runs on Windows, macOS, Linux, iOS, or Android — can then send a simple HTTP GET request to your WordPress site and get a response back in under a second. No separate server. No custom API layer. Your WordPress installation is the validation backend.
[SCREENSHOT: Serial Codes admin panel showing a code list assigned to a WooCommerce product, with code statuses visible]
Here is how the flow works in practice once the plugin is installed and a code list is assigned to your WooCommerce product.
1. The customer buys your product. Serial Codes assigns one unused code from your list to the order automatically. The code appears in the WooCommerce order confirmation email.
2. The customer enters the code into your app. Your app collects the key in whatever input field you have built — a registration screen, a settings panel, anywhere.
3. Your app sends a GET request to your WordPress REST endpoint. The request passes the code as a parameter. The endpoint is part of your own domain — no third-party service involved.
4. WordPress responds with the validation result. The response tells your app whether the code is valid or not. If you have configured one-time usage, the code gets marked as used after the first successful check. If the code has been reported stolen, the endpoint returns that status instead.
5. Your app reacts accordingly. Grant access, show an error, or block activation — all based on the clean JSON response your backend returned.
[SCREENSHOT: Example JSON response from the validation endpoint showing a successful code check]
The entire round-trip — from your app sending the request to receiving the response — takes less than a second on any standard WordPress hosting plan.
The plugin gives you fine-grained control over how each code behaves, which directly affects what the API returns.
[SCREENSHOT: Serial Codes code list settings panel showing expiration date and one-time-use configuration options]
All of these settings apply equally whether the validation comes from the frontend shortcode on your website or from an external app calling the REST endpoint. The same rules, the same status, the same response.
It is worth being precise about the scope so you set the right expectations.
Serial Codes stores all codes in your WordPress database. There is no external cloud license server or hardware fingerprinting. If you need to bind a license to a specific device MAC address or CPU ID, that logic would live in your app — the plugin just tells you whether the code itself is valid.
The plugin also does not manage recurring subscriptions. License renewal is handled by WooCommerce and whatever subscription plugin you use. Serial Codes handles the code validation layer, not the billing layer.
If you need codes to be validated across multiple WordPress installations simultaneously, that is outside the plugin’s scope — codes live in one WordPress database and are validated against that database.
Within those boundaries, the REST validation endpoint covers the large majority of real-world use cases: software activations, digital download verification, hardware serial validation, and access-code gating for any application that can make an HTTP request.
The free version of Serial Codes Generator and Validator is available on WordPress.org and includes the core generator, code lists, WooCommerce integration, the frontend validation shortcode, and the stolen product database.
API-based validation for external apps is available in the premium tier. Premium also adds CSV bulk import, expiration dates per code, IP logging, brute-force protection, and HPOS support for WooCommerce.
To set up external API validation:
No separate server. No custom backend. No infrastructure overhead. Your existing WordPress site handles every validate license key API request your WooCommerce customers generate — whether they are activating a desktop app, a mobile tool, or any other platform that can send an HTTP GET request.
Download the free version on WordPress.org →
Get Serial Codes Premium with API Validation →