Skip to main content

Authentication Method

The GamePanelX V3 API uses API key authentication. Every API request must include your unique API key to verify your identity and authorization.

Obtaining Your API Key

Your API key is generated automatically when GamePanelX is installed and can be found in the admin settings panel.

Steps to Find Your API Key:

  1. Log in to your GamePanelX admin panel
  2. Navigate to Settings in the admin menu
  3. Locate the API Key field
  4. Copy your API key (it’s a read-only field for security)
The API key is stored in the database settings table and is unique to your GamePanelX installation.

Using Your API Key

Include your API key in every API request using the key parameter.

GET Request Example

curl "https://your-domain.com/api/api.php?class=servers&action=restart&key=YOUR_API_KEY&id=123"

POST Request Example

curl -X POST https://your-domain.com/api/api.php \
  -d "class=servers" \
  -d "action=create" \
  -d "key=YOUR_API_KEY" \
  -d "username=john_doe" \
  -d "game=csgo"

Required Parameters

Every API request must include these three parameters:
key
string
required
Your API key from the admin settings panel
class
string
required
The resource type to interact with. Allowed values:
  • servers - Server management operations
  • users - User management operations
action
string
required
The operation to perform (varies by class)

Authentication Errors

The API will return specific error messages for authentication issues:

No API Key Provided

No API key specified (&key=)
This error occurs when the key parameter is missing from your request.

Invalid API Key

Invalid API key specified!
This error occurs when the provided API key doesn’t match the one stored in your GamePanelX settings.

Security Best Practices

Your API key provides full access to your GamePanelX installation. Follow these security guidelines:

1. Keep Your API Key Secret

  • Never commit your API key to version control
  • Don’t share your API key in public forums or documentation
  • Store your API key in environment variables or secure configuration files

2. Use HTTPS

Always use HTTPS when making API requests to prevent your API key from being intercepted: 
# Good - Uses HTTPS
curl "https://your-domain.com/api/api.php?key=YOUR_API_KEY&..."

# Bad - Uses HTTP (insecure)
curl "http://your-domain.com/api/api.php?key=YOUR_API_KEY&..."

3. Use POST Instead of GET

POST requests are more secure than GET requests because parameters aren’t logged in web server access logs: 
# More secure - POST request
curl -X POST https://your-domain.com/api/api.php \
  -d "key=YOUR_API_KEY" \
  -d "class=servers" \
  -d "action=restart" \
  -d "id=123"

4. Regenerate API Key if Compromised

If you suspect your API key has been compromised, regenerate it immediately in the admin settings panel.

Testing Your Authentication

You can test your API authentication with a simple request: 
curl -X POST https://your-domain.com/api/api.php \
  -d "class=users" \
  -d "action=create" \
  -d "key=YOUR_API_KEY" \
  -d "username=test_user" \
  -d "password=test_pass" \
  -d "[email protected]"
If authentication is successful, you’ll receive a response indicating success or failure of the operation (not the authentication).

Environment Variables Example

Store your API key in environment variables: 
#!/bin/bash
export GPX_API_KEY="your_api_key_here"
export GPX_API_URL="https://your-domain.com/api/api.php"

curl -X POST $GPX_API_URL \
  -d "key=$GPX_API_KEY" \
  -d "class=servers" \
  -d "action=restart" \
  -d "id=123"

Next Steps

Now that you understand authentication, explore the available API endpoints:

Server API

Manage game servers via API

User API

Manage user accounts via API

Build docs developers (and LLMs) love

Get started for freeTalk to us