'POST', 'callback' => [$this, 'verify'], 'permission_callback' => '__return_true', ]); register_rest_route($ns, '/license/activate', [ 'methods' => 'POST', 'callback' => [$this, 'activate'], 'permission_callback' => '__return_true', ]); register_rest_route($ns, '/license/deactivate', [ 'methods' => 'POST', 'callback' => [$this, 'deactivate'], 'permission_callback' => '__return_true', ]); register_rest_route($ns, '/license/revoke', [ 'methods' => 'POST', 'callback' => [$this, 'revoke'], 'permission_callback' => [$this, 'revoke_permission'], // optional secret protection ]); } // === Handlers (stubs) === public function verify(\WP_REST_Request $req) { // TODO: rate-limit, load by (key, form_id), compute effective status, return JSON return new \WP_REST_Response(['ok' => true, 'status' => 'active']); } public function activate(\WP_REST_Request $req) { // TODO: validate, idempotent per device_id, enforce max, update meta_data.activations return new \WP_REST_Response(['ok' => true]); } public function deactivate(\WP_REST_Request $req) { // TODO: remove device, idempotent return new \WP_REST_Response(['ok' => true]); } public function revoke(\WP_REST_Request $req) { // TODO: optional header check, set status=revoked return new \WP_REST_Response(['ok' => true, 'status' => 'revoked']); } public function revoke_permission(\WP_REST_Request $req) { // TODO: if you want to protect revoke via an option-stored secret return true; // or false } // === Helpers (signatures only) === private function rate_limit_ok() { /* TODO */ return true; } private function load_license($key, $form_id) { /* TODO */ return null; } private function effective_status($row) { /* TODO */ return 'active'; } private function update_activations($row, $device_id, $op = 'add', $meta = []) { /* TODO */ return $row; } }