Authentication
Getting a key and secret
Before any calls can be made to the API, you must first have a key/secret pair that is used to authenticate your application. This key is associated with a set of permissions on a per server basis and the key/secret is only valid for that server.
The key/secret pair is associated only with one server, and that is the server it is created on.
To get a key/secret, head to your Virtual/Dedicated Server, then;
- Navigate to Sub-Accounts in the side-bar.
- Select
Generate NewunderYour API Keys.
Once your key/secret has been created, you will see some new options in the Sub-Accounts page:
- This is your new key
View Secret- click this to view the secret part of your key.Configure Permissions- this is where you add or remove permissions for your key/secret (more below). It is recommended to add permissions to your key/secret, as it will have none by default.Revoke- revoke (delete) your key.
Do not share the secret part of your key as this could allow someone to access the server as your application!
The secret cannot currently be reset; if it is compromised, you will need to delete the existing key and generate a new one.
Permissions
Each key/secret pair has a set of permissions associated with it, the same as a normal sub-account. This limits the endpoints you can call depending upon the permission. Permissions are broken down generally per game then a set of specific operations within that game such as console access.
Authenicating requests
When making calls to endpoints, you will need to pass in key/secret pair within the form data. Pass the key inside the key field and secret inside the secret field.
If the API credentials are invalid, you will receive a response with status set to error and message as Invalid API credentials. . You can see more detailed information in the details field.
Example error response:
{
"status": "error",
"message": "Invalid API credentials.",
"details": "Key or secret are too short."
}