Add license verification calls to the plugin code
Plugin creators need to define the attributes of their paid plugins in the plugin descriptor (plugin.xml) to start selling process. Then, all the licensing-related communication, including plugin license checks, is done on the IntelliJ Platform side. Licenses will first be checked by the IDE on startup. After that, there will be additional checks at least once a day.
However, you should verify on your own that a user has a license for the plugin by adding license verification calls to the plugin code. We recommend implementing this for the following reasons:
Even though the IDE checks the plugin license at least once a day, it’s never wrong to increase the security layer against piracy by adding this functionality to your plugin.
These verification calls could also be useful for your plugin scheme, for example if you’re developing a free plugin with paid functionality. You can implement logic to notify users who aren't licensed that there is a paid functionality in your plugin, and have this notification appear during the license check.
To implement license verification on the plugin side, a plugin has to include a standard code provided by JetBrains, which checks that your plugin is licensed.
Here you will find an example plugin with product parameter declarations, as well as a license check:
You can find the CheckLicense class in license/CheckLicense.java, which is then used in actions/DemoAction.java to check whether the plugin is licensed.
There are no private keys in the platform (otherwise, they could easily be extracted/leaked), so the IntelliJ Platform gets a signed confirmation of the license from the server (online or on-premises) or the signed offline key. The plugin licensing verification code uses the JetBrains public certificate, which helps us verify that the key is genuine.