Overview
Meridian exposes a lightweight HTTP API that slots directly into your Heroku dyno. Add your Meridian API key as a config var, call the validation endpoint from your request middleware, and you have per-user licensing with zero additional services.
Prerequisites
- A Heroku app running Node.js, Python, Ruby, or Go
- A Meridian account with an active product (create one here)
- Heroku CLI installed and authenticated
Step 1 — Set your API key
Grab your secret API key from the Meridian dashboard and inject it as a Heroku config var:
heroku config:set MERIDIAN_API_KEY=mrd_live_xxxxxxxxxxxxxxxxNever hardcode keys. Heroku config vars are encrypted at rest and injected at runtime.
Step 2 — Validate licenses in middleware
Call Meridian's validate endpoint on every protected request. Example Express middleware:
const MERIDIAN = 'https://api.getnimbus.net/v1/validate';
app.use(async (req, res, next) => {
const key = req.headers['x-license-key'];
if (!key) return res.status(401).json({ error: 'missing key' });
const r = await fetch(MERIDIAN, {
method: 'POST',
headers: {
'Authorization': `Bearer ${process.env.MERIDIAN_API_KEY}`,
'Content-Type': 'application/json',
},
body: JSON.stringify({ license_key: key, hwid: req.ip }),
});
const data = await r.json();
if (!data.valid) return res.status(403).json({ error: data.reason });
req.license = data;
next();
});Step 3 — Gate features
The validation response includes a tier field (“free”, “pro”, “enterprise”). Use it to conditionally enable endpoints, rate limits, or premium functionality. For offline resilience, cache the response with a TTL matching the expires_in field.
Step 4 — Monitor in the dashboard
Every validation call is logged. Head to your Meridian dashboard to see active sessions, revoke keys, and set HWID lock policies — all without touching your Heroku config.