Sentinel | License Management Solution v2.3.0

Self-hosted license management that protects your software from unauthorized redistribution.
Added a self-service customer portal. License holders can sign in with Discord to view and manage their own licenses, without needing an admin to act for them. This is a beta feature and is disabled by default; an admin can enable it under Settings (General).
  • Customers sign in with Discord and are automatically provisioned an account if they hold a license.
  • Customers can view their licenses and, per granted permissions, edit usage limits, manage sub-users, regenerate their license key, and reset server/IP slots.
  • Added optional per-license reset limits that cap how many server/IP slot resets a customer can perform within a rolling time window, with the allowance replenishing automatically. Off by default and configurable in Settings.
  • Fixed an issue where custom legacy encryption keys of certain lengths would not be accepted (error on startup).
  • Added account reset: admins with the new RESET_USER permission can reset a user's password and/or two-factor authentication, issuing a one-time temporary password and revoking the user's sessions, trusted devices, and login lockout.
  • Enforced rank-based authority on cross-user actions: editing, deleting, or resetting a user, and managing another user's API keys, now require outranking that user.
  • Restricted role assignment to roles ranked below your own; you can no longer assign a role at or above your own rank.
  • Restricted role reordering, editing, and deletion to roles ranked below your own, with reorders blocked client-side and server-side from moving a role to or above your rank.
  • Allowed admins to grant a role or API-key overrides containing permissions they don't personally hold, as long as they outrank the target (the target's role is the upper bound, not the actor's).
  • Added product platform listings so plugins distributed via Spigot, BuiltByBit, etc. can validate licenses by (platform, resourceId) instead of a hard-coded product name. Update your client to utilize this feature.
  • Added Discord audit log sync, forwarding the auditable event types to configurable channels as branded embeds.
  • Added AES-256-GCM response encryption for the legacy /api/v1/licenses/auth endpoint, gated by a new LEGACY_ENCRYPTION_SECRET env var (zero overhead when unset).
  • Hid Discord roles the bot cannot assign (above its highest role, or unreachable without MANAGE_ROLES) from role selectors.
Complete rewrite of the license management system: new database, new web dashboard, new authentication model, new API surface.

Breaking Changes
  • Database: MongoDB replaced by PostgreSQL.
  • Runtime: Requires Java 21 (previously 17).
  • API: /api/v1 replaced by /api/v2. A /api/v1/licenses/auth compatibility endpoint is available when LEGACY_API_KEY is configured but is deprecated and will be removed in a future release.
  • API keys: Stored as SHA-256 hashes. Existing keys cannot be recovered and must be regenerated.
  • Products: Moved from static YAML configuration to database-managed entities with a new tier system (products contain tiers, tiers define entitlements).
  • Authentication: API key-only authentication replaced by multi-strategy auth (email/password, OAuth2, API keys, session tokens).
  • Configuration: YAML config file replaced by Spring externalized configuration (application.yml / environment variables).
  • Removed: Response body encryption, various outdated/inconsistent bot commands.

New Features
  • Web dashboard: Full React + TypeScript SPA for managing licenses, products, users, roles, and settings.
  • Admin user accounts: Email/password registration and login with rate-limited lockout.
  • OAuth2: Discord and Google as login and account-linking providers.
  • Two-factor authentication: TOTP with QR provisioning, backup codes, and trusted device management. Secrets encrypted at rest.
  • Role-based access control: Custom roles with fine-grained permissions, assignable per user.
  • License tiers: Products contain tiers, each with its own set of entitlements. Licenses reference a specific tier.
  • Audit logging: Field-level change tracking across all entities (licenses, products, tiers, users, roles, API keys, auth events) with sensitive field redaction.
  • Response signing: Cryptographically signed license validation responses (nonce + timestamp) to prevent forgery and replay. Optional, enabled when signing keys are configured.
  • Discord role reconciliation: Improved automatic Discord role sync based on license connections, with global customer roles and optional orphaned role removal.
  • Metrics dashboard: Daily metrics collection with time-series views, product leaderboards, and configurable data retention.
  • Global settings: Dashboard-managed application settings.
  • Onboarding: Guided setup flow for new installations.
  • License key regeneration: Generate a new key for an existing license.
  • Advanced search: Filter licenses by product, status, platform, connection, server, and IP.
  • Health checks: Health endpoint with Discord bot connectivity indicator and startup validation.
  • Deployment options: Docker Compose, a one-line install script, and a ready-to-use Pterodactyl egg.

Improvements
  • Improved sub-users: Connection search now matches sub-users, with a visual "Sub-user" badge in the dashboard table and [Sub-user] labels in Discord bot results. Discord sub-users can access license key information through the bot.
  • Security hardening: CSRF protection, security headers, and privilege escalation guards.
  • Unified /licenses command: Merged /listlicenses and /searchlicense into a single command with inline filters.
  • Modal-based Discord editing: Product and tier creation/editing through Discord modals with select menus.
  • Rich /mylicenses: Paginated embeds with select menus for viewing license details.
  • Product autocomplete: Bot commands with product arguments use Discord autocomplete (25+ products support).
  • More paginated list endpoints: All collection endpoints return paginated responses.
  • Performance and stability: Various optimizations and performance/stability improvements.
• Reverted the link wrapping change for connection URLs because Discord implemented an anti-phishing feature that breaks it. Connection URLs should now appear as normal. If you have non-standard characters in your connection URLs, you may want to manually override the default URL presentation in bot.yml.
• Sentinel JARs are now distributed as RARs again due to conflicts with BuiltByBit's download system.
BuiltByBit is currently blowing up Sentinel's file size from 46MB to over 100MB (which is not uploadable on many Pterodactyl panels) for some unknown reason. This is a compressed version that bypasses this issue. You will need to extract the JAR from the RAR file. Refer to the previous changelog for 1.10.1 changes.
• Added a new Discord bot "anti-hijack" (guild cap) system that prevents malicious actors from inviting your Discord bot to their own servers (with escalated priviledges). THERE IS NO SECURITY EXPLOIT INSIDE SENTINEL. This is simply a backup feature that limits the number of guilds that your bot can be added to in case you forget to uncheck the "Public Bot" checkbox in your Application settings on https://discord.dev/. More information below.
• Added link wrapping for connection URLs inside the Discord bot's embeds, enforcing more consistent formatting.
• Updated dependencies, including Spring Boot and JDA.

More About the "Anti-Hijack" System
By default, Discord (unfortunately) leaves the "Public Bot" option found in https://discord.com/developers/applications > [Your Application Name] > Bot > Authorization Flow checked. This allows any user to invite your Sentinel bot to their own server(s) using a publicly-accessible application ID. With administrative priviledges on unauthorized Discord server(s), the malicious user is able to execute any of Sentinel's slash commands without restriction.

While our installation instructions explicitly states that the Public Bot option should be unticked, we understand that this step may be missed or the box may be accidentally left checked. Since this "hijack" issue has affected Sentinel and other license systems (and bots in general) in the past, this update adds a limit to the number of guilds the bot can be in at one time.

By default, this limit is set to 1. If you want to have the bot in multiple servers for whatever reason, you need to add and modify the following line in your bot.yml accordingly:

YAML:
# The maximum number of Discord servers/guilds the bot can be in at the same time.
# Default is 1 to prevent bot hijacking if the application is accidentally set as Public.
max-guilds: 1

Again, this is NOT a security exploit within Sentinel, but rather an extra safeguard as a result of an... interesting design decision on Discord's end.
Buy a license now
$29.99
EULA
Standard EULA
Use on any projects you own with attribution
Support
Standard
Includes:
Download the resource
Access new updates
Support from the creator
Enhanced
+ $12.00
Includes Standard support plus:
Installation & setup
Support duration
Lifetime
Extras
Source Code
+ $199.00
Share and earn
Refer this resource and earn a 15% commission.
21,462 Views
136 Purchases
148 Downloads
Apr 16, 2023 Published
Jun 29, 2026 Updated
5.00 star(s)
Average rating (8)
85.2 MB File size
Open source
  1. No
DRM-free
  1. No
Unobfuscated
  1. No
Type
  1. Business
  1. License management
Supported languages
  1. English
Creator
Owner
Recommended for you
Quick and flawless permission management, done through stunning GUI menus! (Permissons Plugin Addon)
5.00 star(s) 24 ratings
236 purchases
Self-hosted Discord Bot for managing advanced embed messages through YAML files.
5.00 star(s) 11 ratings
35 purchases
Free Tebex Plus, Forum, Store, Blog, Support, Leaderboards, Wiki, Shared Hosting Support and more!
5.00 star(s) 5 ratings
594 purchases
Unlock your potential with a sellix.io website template!
5.00 star(s) 10 ratings
324 purchases
Your self-hosted donation store for Minecraft server (Tebex/CraftingStore analogue).
5.00 star(s) 63 ratings
214 purchases
Share and earn
Refer this resource and earn a 15% commission.
21,462 Views
136 Purchases
148 Downloads
Apr 16, 2023 Published
Jun 29, 2026 Updated
5.00 star(s)
Average rating (8)
85.2 MB File size
Open source
  1. No
DRM-free
  1. No
Unobfuscated
  1. No
Type
  1. Business
  1. License management
Supported languages
  1. English
Creator
Owner
Recommended for you
Quick and flawless permission management, done through stunning GUI menus! (Permissons Plugin Addon)
5.00 star(s) 24 ratings
236 purchases
Self-hosted Discord Bot for managing advanced embed messages through YAML files.
5.00 star(s) 11 ratings
35 purchases
Free Tebex Plus, Forum, Store, Blog, Support, Leaderboards, Wiki, Shared Hosting Support and more!
5.00 star(s) 5 ratings
594 purchases
Unlock your potential with a sellix.io website template!
5.00 star(s) 10 ratings
324 purchases
Your self-hosted donation store for Minecraft server (Tebex/CraftingStore analogue).
5.00 star(s) 63 ratings
214 purchases
Top