Yeah, if you were to verify from a plugin it would always be able to be modified. So you would basically have to verify on the external server itself. But at the end of the day they could always modify the code to send someone elses identity if they know the person has purchased a license.
I saw @Crazyman32 was typing a response. So I thought maybe he knew of a way since he’s more familiar with the implementation. He uses a similar (possible?) method on the downloader for his Aero Framework.