LevelChat has three relevant concepts:
- Plan — the SKU you bought (
hobby,team,business,enterprise). - Entitlements — the runtime view of what your plan allows (max rooms, recording on/off, AI features, etc.). Cached per project, sub-50 ms p99 to read.
- License — only relevant for on-prem. A signed JWT issued by the LevelChat license service that the on-prem license-svc verifies against its public key.
Reading entitlements
~
curl $LC_API_URL/v1/license/entitlements?project_id=proj_01HF... \
-H "Authorization: Bearer lc_pk_xxx.yyy"JSON
{
"plan": "team",
"max_concurrent_rooms": 50,
"max_participants_per_room": 50,
"max_viewers_per_broadcast": 500,
"recording_enabled": true,
"e2ee_enabled": false,
"ai_enabled": false,
"meters": ["participant_minutes", "viewer_hours", "recording_gb_stored"]
}When a quota is hit, the gateway returns 402 Payment Required with a Problem Details body — see
the API reference. Surface this clearly in your UI; don't retry.
On-prem licensing
For self-host, the license is bound to a customer id and an optional expiry. Generate it like:
~
curl -X POST $LC_API_URL/v1/license/onprem \
-H "Authorization: Bearer <enterprise admin token>" \
-d '{
"customer_id": "cust_acme",
"plan": "business",
"expires_at": "2027-04-25T00:00:00Z",
"features": ["e2ee", "ai", "cascade"]
}'The response includes:
jwt— paste into the on-prem license-svc asLICENSE_JWTpublic_key— embed in the on-prem license-svc asLICENSE_PUBLIC_KEY
Rotate quarterly per docs/deployment/security-runbook.md. Revocation on a compromised license
takes effect cluster-wide within 30 seconds via the NATS CRL channel.