Sooner or later, every plugin developer asks the same question on KVR or the JUCE forum: what should I use for licensing?
It is a deceptively simple question. The answers you get are usually one of two kinds — a sales pitch from someone selling a solution, or folklore passed between developers who have only ever tried one approach. Neither helps you make a decision you will still be happy with in three years.
I have been on most sides of this. I have shipped commercial plugins through Volko Audio since 2004, hand-rolled my own protection, dealt with PACE as both a developer and a customer, and I now build a licensing service. So this is not a pitch. It is the map I wish someone had drawn for me when I was deciding — three real options, compared honestly, including the cases where the option I do not sell is the right one.
The three options, defined
When you strip away the marketing, there are three ways to license a plugin.
PACE / iLok. The established commercial DRM in professional audio. Your plugin is wrapped and activated through PACE’s system, either against a physical iLok USB dongle or through iLok Cloud. Customers manage an iLok account. PACE carries the anti-piracy research; you pay for that, usually as a recurring or per-activation cost.
Hand-rolled. This is the build-your-own, DIY route. You generate your own cryptographic keypair, sign license files or serial numbers with your private key, and embed the public key in the plugin to verify them. You may add a server that the plugin contacts to check the license. You own everything: the key management, the activation flow, the server uptime, and the job of fixing all of it when it breaks.
SaaS licensing. A hosted service handles license types, activation, machine binding, and the dashboard, and exposes it to your plugin through an SDK or API. You integrate once; they run the infrastructure. Full disclosure: Keyzy, the service I build, is one of these — so to keep this fair, everything here is about the category, not my product, and I will only point to Keyzy where a concrete example genuinely helps.
Now the part that actually matters: how these three differ on the things you will live with.
Comparing on the five things that matter
1. True cost
The headline price is the least interesting number.
PACE charges you to protect each sale, and unlike most of this comparison its developer pricing is public. The entry-level Starter tier is a $5,000-a-year technology-access fee plus a cut of every license you sell: 5% of the selling price for perpetual licenses, 10% for subscriptions, with a $2.50 minimum per license. (Standard and Premium tiers are quote-based, and an indie program eases the first few years.) That minimum is worth a second look, because it hits budget products hardest:
On a $25 perpetual, 5% would be $1.25 — but the $2.50 floor makes it effectively 10%.
If you also ship a physical iLok, add the unit cost and logistics of the dongle. The fee is predictable, but it never goes away and it grows with you — a cut of every sale, for as long as you sell.
Hand-rolled looks free, and this is the most expensive illusion in the whole comparison. You pay in engineering time you could have spent on DSP, in server hosting, in the hours you lose to an activation bug the week of a launch, and in the slow accumulation of edge cases you did not anticipate. The cost is real; it is just hidden and lumpy instead of itemized on an invoice.
SaaS is a known line item — a subscription, usually tiered by volume. You can forecast it, and it absorbs the engineering and infrastructure cost that hand-rolling pushes onto you.
The honest summary: “free” is rarely free, a per-sale tax compounds as you grow, and a predictable subscription is the easiest of the three to plan a business around — but only you can decide which of those shapes fits your revenue.
2. Customer UX
This is the axis your buyers actually feel, and the one developers underweight the most.
PACE / iLok is a known quantity in professional studios. Many pro users already have an iLok account and accept it as the cost of doing business. But a meaningful share of indie and hobbyist buyers experience the iLok account requirement — and especially a physical dongle — as friction: the lost-dongle horror story, the “I have run out of activations” support email, the USB-A port that no longer exists on a new laptop. iLok Cloud removes the dongle for buyers who would rather not carry one, but the iLok account still sits between your buyer and your plugin.
Hand-rolled has no ceiling and no floor that anyone set for you — the UX is exactly as good as what you built. You can make it as smooth as pasting a serial, or you can accidentally ship an activation flow that generates a support ticket per sale. The quality is entirely your responsibility.
SaaS quality varies by provider, but a good one gives you clean first-time activation, self-service machine transfers, and a sane offline path without a dongle.
Whichever model you are weighing, judge it against the same three moments: first activation, machine transfer (the classic “I just bought a new Mac” email), and the offline or air-gapped studio that is never connected to the internet.
3. Brand and customer ownership
Ask yourself who stands between you and your customer at the moment of activation.
With PACE, part of that moment belongs to iLok. The account is an iLok account, the activation experience carries iLok’s branding and rules, and you share the customer relationship with a third party whose priorities are not yours.
With hand-rolled, the relationship is entirely yours. Nobody is in the middle.
With SaaS, it depends on the vendor. A well-designed licensing service stays behind your brand — the customer is yours, the activation looks like yours, and the platform is invisible. A badly chosen one inserts itself into the relationship the same way a dongle does. This is worth checking before you commit: does the service keep your customer yours, or does it borrow them?
4. Maintenance and security burden
When you hand-roll, you have quietly started a second company: a security company. License-key cryptography is the easy part. The hard parts are key management, server uptime, responding when a crack appears, and the long tail of edge cases — system clock tampering, offline activation, a customer who reinstalls Windows and loses everything. Security is a moving target, and with hand-rolled you are the one chasing it at 2 a.m. instead of mixing your next release.
PACE carries that burden because anti-piracy research is their product. A SaaS provider carries the infrastructure and platform security; you carry the integration. The real question on this axis is not “is it secure today” but “who do I want responsible for keeping it secure every day after today.”
5. Exit cost
Every choice you make here will eventually be a choice you want to revisit. So ask, up front, what it costs to leave.
Leaving PACE means re-architecting activation and migrating customers off iLok — non-trivial, but bounded and well-trodden.
Leaving a hand-rolled system means you are free to change anything, but you also have to keep honoring every license key you ever issued, possibly forever. Freedom and obligation are the same coin here.
Leaving a SaaS depends entirely on how much lock-in the vendor designed in. Two questions tell you most of what you need to know: can you export your licenses, and is your payment processing separate from your licensing? A service that fuses payments and licensing into one bill is far harder to leave than one that lets you bring your own payment processor — because to change one, you have to change both. Keep your layers separable, and you keep the ability to change your mind one layer at a time.
The five axes at a glance
| PACE / iLok | Hand-rolled | SaaS licensing | |
|---|---|---|---|
| True cost | Per-sale tax, scales with success; dongle logistics if USB | ”Free” upfront, high hidden engineering/ops cost | Predictable tiered subscription |
| Customer UX | Familiar to pros, friction for many indies; account/dongle | Exactly as good as you build it | Good ones: clean, dongle-free, self-serve |
| Brand ownership | Shared with iLok | Entirely yours | Yours if white-label; check first |
| Maintenance / security | PACE carries it | All on you | Provider carries infra; you integrate |
| Exit cost | Bounded, well-trodden | Free to change, must honor old keys forever | Depends on lock-in; keep payment separate |
When PACE is still the right answer
I sell a different model, so take this in the right spirit: there are cases where PACE is genuinely the correct choice. If you are a large, established vendor selling into professional studios where iLok is the expected norm, and you would rather fully outsource anti-piracy research to a company whose entire business is exactly that, PACE earns its fee. The friction that hurts an indie’s conversion rate is simply accepted in parts of the pro market.
The AAX myth
There is one belief I want to correct, though, because it keeps developers from even considering their options: “I need AAX for Pro Tools, so I am locked into PACE.” This is not true. Avid covers the PACE cost associated with AAX signing — supporting the AAX format does not obligate you to use PACE for your licensing. You can ship a properly signed AAX plugin and license it however you like. Do not let the AAX requirement make a licensing decision for you; the two are separate questions.
When hand-rolled makes sense — and the trap
Hand-rolling is not a mistake by default. If you have one product on one platform, your volume is low, you enjoy the control, and you understand the cryptography, building your own simple licensing can be the right call. It is cheap at small scale and you owe nobody a monthly fee.
The trap is the maintenance cliff. It is invisible at first and then, all at once, the licensing system you wrote in a weekend has become a second product you never meant to build and do not enjoy maintaining. It starts asking for full-time attention the day you add:
- a second plugin
- a trial model
- paid upgrades (and the customer who upgrades twice)
- edition or version tiers
- a dealer who needs to distribute keys
- a subscription
If you are weighing this honestly, I wrote a longer, dollars-and-hours analysis in Should you build your own license system for your C++ app? — it is C++-focused but the build-versus-buy math is identical for a plugin.
When SaaS is the right call
For most indie and small-to-mid plugin businesses, a SaaS licensing service is the option that lets you spend your time on the plugin instead of on the plumbing. It fits when you have more than one product or SKU, when you sell through more than one channel (your own site plus dealers), when you want to keep the customer relationship and the brand experience yours, and when you need a sane offline activation path without handing customers a dongle.
This is the category Keyzy is built for: dongle-free activation, machine binding, trial and subscription license types, dealer distribution, and a perpetual offline license that needs no dongle and no periodic check-in — genuinely offline operation a studio can rely on, without a dongle in the middle. And because you bring your own payment processor, your licensing and your payments stay separable. The point is not that a SaaS removes every trade-off; it is that it moves the infrastructure and security burden off your desk and keeps your customer yours.
A decision framework
Strip it down to where you are and where you are going:
- By scale. One product, hobby volume, you like control → hand-rolled or a simple SaaS. A growing indie with multiple SKUs → SaaS. A large vendor selling deep into pro studios → PACE, or a mature SaaS.
- By channel. Selling through dealers or multiple storefronts and need consistent licensing across all of them → SaaS. A single direct storefront gives you more freedom to hand-roll.
- By customer ownership. If keeping the buyer relationship and brand experience yours matters to you, avoid any model that permanently puts a third party in the middle of activation.
Notice that no single axis decides it. The right answer is the option that fits the most of your axes at once — and the honest version of this article is that for a large pro vendor, that can still be PACE.
The part nobody tells you up front
Licensing is infrastructure, and you should choose it for where your business is heading, not only for where it is today. The deepest cost is rarely the monthly fee. It is who owns your customer relationship, who carries the security burden while you sleep, and how hard it is to change your mind when your business changes — because it will.
Pick the option that keeps your optionality. Keep your layers — licensing, payments, distribution — separable, so that the day you outgrow a decision, you can revise one without unwinding all of them. That single principle will serve you better than any specific vendor choice, including mine.
If you are at the build-versus-buy fork right now, start with the DIY cost analysis, and if a hosted model fits where you are heading, take a look at how Keyzy handles plugin licensing. Either way, decide with the five axes in front of you — cost, UX, brand, maintenance, and exit — not the folklore.
Next in this series: what anti-piracy actually achieves, and what it does not.