← Back to Docs

Developer FAQ

Common questions about integrating Meridian into your application.

What platforms does Meridian support?

Meridian ships native C++ components for Windows 10 (21H2+) and Windows 11 on x64 and ARM64. The licensing layer communicates over HTTPS and works behind most corporate proxies. A Linux agent is in closed beta — contact support for early access.

How do I verify a license key server-side?

Call the /api/v1/licenses/verify endpoint with your application secret and the user-supplied key. The response includes tier, expiration, and hardware-lock status. Never validate keys purely client-side — always confirm against the API before granting access to gated features.

Can I use Meridian with Electron or CEF?

Yes. The loader runs as a standalone process that your Electron main process spawns before creating the BrowserWindow. Communication happens over a named pipe with a simple JSON-RPC protocol. See the Electron integration guide for a complete example with preload scripts.

What happens when a license expires?

The protected payload refuses to unpack. Users see a branded dialog directing them to renew. You can configure a grace period (default 72 hours) during which the software continues to function while showing a non-intrusive reminder. Offline machines use an HMAC-signed grace cache that resets on next successful online check.

How does hardware locking work?

Meridian fingerprints the machine using a composite of TPM endorsement key, disk serial, BIOS UUID, and MAC address. The fingerprint is hashed and compared against the bound hardware ID stored with the license. You control the tolerance — strict mode rejects any mismatch, relaxed mode allows a configurable number of component changes before requiring re-activation.

Is the loader open source?

No. The loader is a proprietary binary protected by Themida and signed with an Ed25519 keypair unique to your account. We provide a header-only C++ SDK for the IPC layer, but the loader internals are not distributable in source form. This is intentional — it prevents attackers from studying the protection logic.

How do I handle updates?

Upload new payload builds through the dashboard. The loader checks a version manifest on our CDN at startup and downloads the latest signed payload if the version is newer than what is cached locally. Delta updates are supported for payloads larger than 50 MB. You control the rollout percentage and can pin specific versions for enterprise customers.

What anti-tamper protections are included?

The loader self-verifies its .text section integrity at runtime, checks IAT consistency, and validates its own Authenticode signature. Anti-debug measures include PEB checks, hardware breakpoint scanning, and timing-based detection. The payload itself is wrapped with Themida for additional obfuscation and virtualization.

Can I run Meridian in a CI/CD pipeline?

Yes, with a special CI license tier that disables hardware locking and allows ephemeral instances. CI licenses are short-lived (max 24 hours) and must be requested via the API with a machine identity token. Contact sales to enable CI licensing on your account.

What is the latency impact on application startup?

Cold start (no cached license) adds roughly 200–400 ms for the network round-trip plus payload unpack. Warm start with a valid cached license adds under 50 ms. The loader performs license validation asynchronously where possible — your application can begin initializing while the check completes in the background.

Still have questions? Contact support or join the Discord community.