Documentation

AuthlyX Docs

Ship secure authentication, licensing, device enforcement, and cloud variables with a modern dashboard and API.

Quickstart
Create an app, initialize the SDK, and authenticate your first user.
API Reference
Exact routes, bodies, and success/error patterns.
Version Control
Whitelist versions, show update reminders, and enforce grace access.

Quickstart

Flow
Create the SDK instance, call Init(), then call Login(...).
  1. Create an app in the dashboard and copy your Owner ID, App Name, Version, and Secret.
  2. Initialize the SDK.
  3. Authenticate: username/password, license key, or device.
public static Auth AuthlyXApp = new Auth(
    ownerId: "12345678",
    appName: "MYAPP",
    version: "1.0.0",
    secret: "your-secret"
);

// Optional:
// debug: false (disable logs)
// api: "https://example.com/api/v2" (custom domain)

AuthlyXApp.Init();
AuthlyXApp.Login("username", "password");

Core Concepts

Owner and App
All data is scoped under an Owner ID and App Name.
Session
Init() returns a session_id used by all other routes.
HWID/SID
On Windows, device identity is based on SID (shown as HWID/SID in UIs).
Subscription Level
Subscriptions have a name and a numeric level for easy tier checks.

Security Model

  • Use HTTPS in production: https://authly.cc/api/v2.
  • Version whitelist controls access: fully allow, reminder, or grace access (until date).
  • Application hash approval prevents unauthorized builds from authenticating.

Dashboard: Apps

Create apps, manage secrets, and configure security settings.

Dashboard: Subscriptions

Define tiers and levels for client-side gating.

Dashboard: Users

Create users, extend time, pause/ban access, and view activity.

Dashboard: Licenses

Create licenses, extend, pause/ban, and assign subscriptions.

Dashboard: Devices

Manage motherboard/processor lists and enforce device auth.

Dashboard: Variables

Store secure key/value config and retrieve from clients.

Dashboard: Version Whitelist

Modes
Fully allowed, allowed with reminder, or grace access (allowed until a date).

Dashboard: Response Messages

Customize user-facing errors. Technical codes can remain internal.

Dashboard: User Panel

Optional public portal for end users (enable/disable per app).

Dashboard: Staffs and Resellers

Role-based permissions for team accounts and reseller workflows.

API Reference

API docs are now split into separate pages (one page per endpoint).

Init
POST /api/v2/init
Login
POST /api/v2/login
Register
POST /api/v2/register
Extend
POST /api/v2/extend

Bots: Discord

  1. Invite the bot to your server.
  2. Run /setup.
  3. Add the exact usernames allowed to run commands.

Bots: Telegram

Telegram automation and alerts.

FAQ: Common Issues

Not initialized
Call Init() before other SDK methods.
Update required
Whitelist your version or configure reminder/grace access.

FAQ: Best Practices

  • Use subscription levels for client tier checks.
  • Keep secrets off client devices where possible.
  • Use hash approval to block unauthorized builds.