It sounds like you want to protect the actual license key from being traffic snooped.
So you want the user to be able to authenticate to the API somehow and then acquire the license key from it.
Perhaps you could use a shared secret to encrypt the key.