We also have a question about security.
How do you ensure the security of the license token, if it gets into the hands of another person, can that person use it in their applications?
Is there a bundle id control and restriction on the token?
There is no direct risk for you in regards to token security, but we do appreciate any protective measures like encryption that you implement on your side. We actually recommend taking such precautions just in case, even though there are no specific methods we recommend.
The best and simplest option for you is web storage for the token. This allows you to quickly change tokens without needing an application update.
Since a third party can indeed use it, if we detect such use, we will likely issue you a new token instead of the current one. This enables you to quickly change it if such an issue arises. It also simplifies switching between tokens due to any inherent time limits, if your token has time restrictions, for example.