Plugin https://wordpress.org/plugins/software-license-manager/ + they have basic manuals - add them under their api.
And here

Couldn't find adequate information online.

- it's full. Both on Habré and in the global network. And yes - what has been written for 8 years - also now. Nothing has changed. So feel free to use it.
And about the protection - it's all a formality. Who needs - break, steal. Another thing - studios that value their reputation - they will buy a license. And without protection, they would buy once and sell to their customers (yes, their conscience allows them to cheat on you and cash in on customers). And you buy from them once and then shish. those. legal protection from studios. And no more. all others break the activation.
And yet - release updates often - so that the one who cuts out the part responsible for activation. - there were eternal problems with the need to do their vile deeds again. Because after the update, protection will arrive))
In general, it is worth considering the moment of activation - so that you are not behind ddos ​​either, and so that if your hoster is down - your clients' sites do not turn into a pumpkin - and this will be a blow to your reputation.
What else - sell technical support and integrations. It's better than sewing in activation keys.

Take a closer look at code obfuscation.
And so - to protect a PHP script is very difficult and usually does not make sense. You can wind up the basic protection, this will be enough for mom's hackers to no longer be able to steal your code.

From the realm of fantasy: Checking the code with the analysis of the siteurl and the address of the request, as a result of which the response will transfer the missing part of the code or recreate the desired file in the plugin directory. The missing part each time can be any file or function. Conditionally random. A piece of obfuscation. Plus a cron check and perfect: installation from your server with your api