Product
API Documentation
REST API reference for programmatic control over authentication, licensing, and user management.
Base URL
Authentication
All requests must include your application API key in the X-API-Key header.
curl -X POST https://api.kyraxx.dev/v1/client/login \
-H "Content-Type: application/json" \
-H "X-API-Key: krxx_live_your_api_key" \
-d '{"username": "user@example.com", "password": "pass", "hwid": "ABC123"}'
Endpoints
/client/init
Initialize a client session. Returns application metadata, active session count, and server timestamp.
/client/login
Authenticate a user with username, password, and optional HWID. Returns a session token and user metadata.
/client/register
Register a new user. Requires username, password, and a valid license key. Optionally binds HWID on registration.
/client/validate
Validate a license key. Returns license status, expiry date, subscription tier, and HWID binding state.
/client/session-check
Verify an active session token is still valid. Returns the user's current auth status and remaining session time.
/client/var
Retrieve server-side variables defined in the dashboard. Useful for feature flags, download URLs, or dynamic config.
Request & Response Format
All requests and responses use JSON. Successful responses return a success: true field. Error responses include a message field describing the issue.
// Success response
{
"success": true,
"data": {
"session_token": "eyJhbGci...",
"user": { "username": "user@example.com", "subscription": "pro" }
}
}
// Error response
{
"success": false,
"message": "Invalid license key"
}
Error Codes
400
Bad Request -- missing or invalid parameters
401
Unauthorized -- invalid or missing API key
403
Forbidden -- user banned or license expired
404
Not Found -- resource does not exist
409
Conflict -- HWID mismatch or duplicate registration
429
Too Many Requests -- rate limit exceeded