
Security Best Practices & Cross-Product Licensing (Revit Case Study)

Learn how to secure your plugin’s licensing logic and how Revit and AutoCAD differ in their Entitlement API integration strategies.
Aa Ahmed · 2 min read

The final post in our series explores how to secure your plugin against tampering and misuse, and how cross-product strategies—especially with Revit—can help you unify your entitlement model across multiple Autodesk platforms.

Security and cross-product licensing diagram

1. Hardening Your Plugin

Avoid Hardcoded Keys

Never embed raw tokens or secrets in your binaries.

var key = Environment.GetEnvironmentVariable("ENTITLEMENT_API_KEY");

Use environment variables or secure key vaults.

Obfuscate Sensitive Logic

Use .NET obfuscators (e.g., ConfuserEx or Dotfuscator) to make validation logic harder to reverse engineer.

Integrity Checks

Verify plugin integrity at runtime:

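// FileSignatureIsValid and ShowMessage are your own helpers: the first
// checks the DLL's digital signature, the second reports the result to the user.
if (!FileSignatureIsValid("plugin.dll"))
{
    ShowMessage("Tampering detected. Plugin disabled.");
    return;
}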

2. Enforce Secure Communication

  • Always use https://api.autodesk.com
  • Validate TLS certificates explicitly in C++ (when using libcurl); do not turn off peer or host verification
  • Avoid storing full token responses locally unless encrypted
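
One way to follow the last bullet, as an added example that is not code from the original post or from Autodesk: the hypothetical TokenCache helper below stores only the token and its expiry, encrypted with Windows DPAPI for the current user. The class name, entropy string and record layout are assumptions; on .NET Core and later, ProtectedData comes from the System.Security.Cryptography.ProtectedData package.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper (an assumption for this example, not part of any Autodesk SDK).
// Caches an entitlement token on disk, encrypted with DPAPI for the current Windows user.
internal static class TokenCache
{
    // Constructed value: extra entropy so other DPAPI callers cannot reuse the blob as-is.
    private static readonly byte[] Entropy =
        Encoding.UTF8.GetBytes("MyPlugin.EntitlementCache.v1");

    internal static void Save(string path, string token, DateTimeOffset expiresUtc)
    {
        // Keep only the token and its expiry, never the full API response.
        byte[] plain = Encoding.UTF8.GetBytes(expiresUtc.ToUnixTimeSeconds() + "|" + token);
        try
        {
            byte[] blob = ProtectedData.Protect(plain, Entropy, DataProtectionScope.CurrentUser);
            File.WriteAllBytes(path, blob);
        }
        finally { Array.Clear(plain, 0, plain.Length); } // do not leave plaintext in the buffer
    }

    // Returns null when the cache is missing, was modified, belongs to another user, or has expired.
    internal static string TryLoad(string path, DateTimeOffset nowUtc)
    {
        if (!File.Exists(path)) return null;
        try
        {
            byte[] plain = ProtectedData.Unprotect(
                File.ReadAllBytes(path), Entropy, DataProtectionScope.CurrentUser);
            string record = Encoding.UTF8.GetString(plain);
            Array.Clear(plain, 0, plain.Length);
            int sep = record.IndexOf('|');
            long expiry;
            if (sep <= 0 || !long.TryParse(record.Substring(0, sep), out expiry)) return null;
            return nowUtc.ToUnixTimeSeconds() < expiry ? record.Substring(sep + 1) : null;
        }
        catch (CryptographicException) { return null; } // wrong user or altered blob
        catch (IOException) { return null; }
    }
}
```

A null result from TryLoad means the plugin should request a fresh token over HTTPS rather than trust the cached one.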

3. Limit Exposure Surface

  • Keep entitlement logic in a sealed internal class
  • Expose only a minimal public API
  • Never log sensitive tokens or full API responses in production logs

4. Revit Case Study: Licensing Differences

Revit’s API surface offers similar entitlement handling through IExternalApplication and IExternalCommand. Here’s how it differs:

Startup Validation

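// ValidateRevitEntitlement is your own entitlement check; failing
// OnStartup stops Revit from loading the add-in.
public Result OnStartup(UIControlledApplication app)
{
    if (!ValidateRevitEntitlement())
        return Result.Failed;
    return Result.Succeeded;
}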

Cross-Platform Strategy

Create a shared .NET Standard library for entitlement logic and reuse it across:

  • AutoCAD (.NET or AutoLISP COM bridge)
  • Revit (IExternalApplication)
  • Inventor or other products (where supported)

Trial Mode with UI Feedback (Revit)

TaskDialog.Show("License Status", "Trial license expires in 3 days.");

💡 Tip: Use a common LicenseService interface across products, and override platform specifics only where needed.

5. Summary Checklist

  • ✅ Secure keys & environment secrets
  • ✅ HTTPS only, with proper TLS verification
  • ✅ Obfuscate licensing logic
  • ✅ Use token expiration & validation
  • ✅ Cross-platform shared licensing logic


Thank You!

This wraps our series on mastering the Entitlement API in AutoCAD (and beyond). Whether you’re building in C++, C#, or Lisp, you now have a secure, flexible foundation for managing plugin licensing.