API Overview

Introduction

The XyraPanel API provides programmatic access to manage your servers, users, nodes, and other resources. The API is built on RESTful principles and returns JSON responses.

Base URL

The API is accessible at your XyraPanel installation URL. The base URL is configured via environment variables:

NUXT_PUBLIC_APP_URL=https://panel.example.com

All API endpoints are prefixed with /api. For example:

https://panel.example.com/api/client/servers
https://panel.example.com/api/admin/servers
https://panel.example.com/api/account/api-keys

API Namespaces

The XyraPanel API is organized into several namespaces:

Client API (`/api/client/*`)

Manage your servers, files, databases, backups, and more. These endpoints require user authentication.

Admin API (`/api/admin/*`)

Administrative endpoints for managing users, nodes, eggs, and servers. Requires admin privileges.

Account API (`/api/account/*`)

Manage your account settings, API keys, sessions, and security preferences.

Application API (`/api/application/*`)

Advanced application-level endpoints for system management.

Response Format

All API responses return JSON with a consistent structure:

Success Response

{
  "data": {
    "id": "server-uuid",
    "name": "My Server",
    "status": "running"
  }
}

List Response with Pagination

{
  "data": [
    {
      "id": "server-1",
      "name": "Server 1"
    },
    {
      "id": "server-2",
      "name": "Server 2"
    }
  ],
  "meta": {
    "pagination": {
      "total": 50,
      "count": 10,
      "per_page": 10,
      "current_page": 1,
      "total_pages": 5
    }
  }
}

Error Response

{
  "statusCode": 404,
  "message": "Server not found"
}

For validation errors:

{
  "statusCode": 400,
  "message": "Request body validation failed",
  "data": {
    "errors": [
      {
        "field": "name",
        "message": "Name is required"
      }
    ]
  }
}

HTTP Methods

The API uses standard HTTP methods:

GET - Retrieve resources
POST - Create new resources
PUT / PATCH - Update existing resources
DELETE - Remove resources

Status Codes

Code	Description
`200`	Success
`201`	Resource created
`204`	Success with no content
`400`	Bad request / validation error
`401`	Authentication required
`403`	Forbidden / insufficient permissions
`404`	Resource not found
`413`	Request body too large
`429`	Rate limit exceeded
`500`	Internal server error

Content Type

All requests and responses use application/json as the content type.

Content-Type: application/json

Getting Started

To start using the API:

Authenticate using API keys or session cookies
Review the rate limits to understand usage restrictions
Explore the endpoint documentation for specific resources

The API is built with Better Auth and includes advanced security features like CSRF protection, rate limiting, and secure session management.

Getting Started

Account

Servers

Admin - Servers

Admin - Nodes

Admin - Users

Admin - Resources

Introduction

Base URL

API Namespaces

Client API (`/api/client/*`)

Admin API (`/api/admin/*`)

Account API (`/api/account/*`)

Application API (`/api/application/*`)

Response Format

Success Response

Error Response

HTTP Methods

Status Codes

Content Type

Getting Started

Build docs developers (and LLMs) love

Getting Started

Account

Servers

Admin - Servers

Admin - Nodes

Admin - Users

Admin - Resources

​Introduction

​Base URL

​API Namespaces

​Client API (/api/client/*)

​Admin API (/api/admin/*)

​Account API (/api/account/*)

​Application API (/api/application/*)

​Response Format

​Success Response

​List Response with Pagination

​Error Response

​HTTP Methods

​Status Codes

​Content Type

​Getting Started

Build docs developers (and LLMs) love

Introduction

Base URL

API Namespaces

Client API (`/api/client/*`)

Admin API (`/api/admin/*`)

Account API (`/api/account/*`)

Application API (`/api/application/*`)

Response Format

Success Response

List Response with Pagination

Error Response

HTTP Methods

Status Codes

Content Type

Getting Started