Retrieve product name without (admin) token?

[nschloe]

I would like to validate licenses user-side and show the user the product names for which she has licenses. Offline keys contain the product ID, and online key validation also returns the product ID. To retrieve their names, one has to make token-authenticated calls though, meaning that whatever software runs on the client-side, it has to contain that token. This seems way overkill for just getting the product name.

Is there different for getting product names? Perhaps version info should be stored in larger object (containing license ID, product name, fingerprinting info, ...) when providing the license to the user.

[ezekg]

When you're on an Ent tier, you can add the product.read permission to users and licenses so that they can read the product while authenticating with the API (via a user token or license key, respectively). But right now, custom permissions are an Ent-only feature (also available when self-hosting Keygen EE). I do not recommend including an admin, environment, or product token inside of client-facing software. These tokens offer full or near-full access to your Keygen account and will result in your account becoming compromised, resulting in somebody able to create, delete and update licenses and other resources.

As a workaround on Std tiers, you could add this information to the license's metadata.