API Reference

Elite Key API

Seller-key style API for managing licenses and users from your own backend/tools.

Security

Keep it server-side
The Elite Key is a master key for your account. Do not ship it in client apps. Do not paste it in public chats. If it leaks, reset it immediately in the dashboard.

Endpoint

Methods
GET / POST
Path
/api/elite-key
  • All inputs are passed as query parameters.
  • GET and POST behave the same for these actions.

Common Parameters

/api/elite-key?key=YOUR_KEY&function=license|user|device|variable|subscription|version|response|app&action=...&url_prefix=APP_PREFIX&app_name=APP_NAME
  • key (required): your Elite Key.
  • function (required): license, user, device, variable, subscription, version, response, or app.
  • action (required): depends on the function.
  • url_prefix (required): your app url prefix (used for validation).
  • app_name (required): app name.
Subscription parameter
Use subscription (the subscription name, for example Default) when generating or editing licenses/users.
Plan requirement
This API currently requires the owning account to be on the Elite plan.
Elite Key Settings (Capabilities + IP/Domain Rules)
In the dashboard you can disable specific actions and restrict where the key can be used from. Whitelist behaves like an emergency lock-down: if you add any whitelist entries, anything not listed is blocked. Blacklist is always denied.

IP & Domain Rules

  • IP whitelist: if you add any entries, requests must come from a whitelisted IP.
  • IP blacklist: listed IPs are always blocked.
  • Domain whitelist: if you add any entries, the request origin hostname must match (supports *.example.com).
  • Domain blacklist: listed domains are always blocked (supports wildcards).
How AuthlyX detects IP and domain
IP is taken from CF-Connecting-IP, X-Forwarded-For, or the socket address. Domain is taken from the request Origin header (or Referer as a fallback).
Example: emergency lock-down
Whitelist only your own IP so nobody else can use the key while you do maintenance.
IP whitelist: 102.88.111.45
Example: block a domain
Prevent usage from a specific site (or an entire wildcard).
Domain blacklist: example.com
Domain blacklist: *.example.com

Functions & Actions

Use function + action to route the request.

Function Actions
license generate, edit, delete, extend, shorten, ban, unban, pause, unpause
user generate, edit, delete, extend, shorten, ban, unban, pause, unpause, reset_password
device create, edit, delete, extend, ban, pause
variable set, delete
subscription create, edit, delete
version add, edit, remove
response set, reset
app edit
Permission denied
If an action is disabled in Elite Key Settings you will get 403 with Elite key permission denied.

Required Parameters (Quick Reference)

license
  • generate: subscription, expiry_date
  • edit: license_key
  • delete: license_key
  • extend/shorten: license_key + (days or expiry_date)
  • ban/unban/pause/unpause: license_key
user
  • generate: username, password, subscription, expiry_date
  • edit: username
  • delete: username
  • extend/shorten: username + (days or expiry_date)
  • ban/unban/pause/unpause: username
  • reset_password: username (optional: new_password)
device
  • create: device_type, device_id (optional: subscription, expiry_date, user_panel_access)
  • edit/delete/extend/ban/pause: id or (device_type + device_id)
variable
  • set: key, value
  • delete: key
subscription
  • create: name
  • edit: id or name
  • delete: id or name
version / response / app
These are advanced actions intended for backends/tools. See the dashboard for the same concepts.

License Actions

generate
Create a new license key.
edit
Edit subscription/expiry/device limit.
delete
Delete a license.
extend
Add time (days) or set expiry_date.
shorten
Subtract time (days) or set expiry_date.

Example: Generate License

curl "https://authly.cc/api/elite-key?key=YOUR_KEY&function=license&action=generate&url_prefix=myapp&app_name=HI&subscription=Default&expiry_date=2026-12-31T00:00:00.000Z&device_limit=1"
{
  "success": true,
  "license": {
    "license_key": "XXXXX-XXXXX-XXXXX-XXXXX-XXXXX",
    "expiry_date": "2026-12-31T00:00:00.000Z",
    "device_limit": 1,
    "freeze_expiry": false,
    "user_panel_access": true,
    "note": null
  }
}

User Actions

generate
Create a new user (username/password).
edit
Edit subscription/expiry/password/email.
delete
Delete a user.
extend
Add time (days) or set expiry_date.
shorten
Subtract time (days) or set expiry_date.

Example: Extend User

curl "https://authly.cc/api/elite-key?key=YOUR_KEY&function=user&action=extend&url_prefix=myapp&app_name=HI&username=12&days=30"
{
  "success": true,
  "user": {
    "username": "12",
    "expiry_date": "2026-05-29T07:07:00.000Z"
  }
}

Errors

400
  • Invalid/missing parameters (function, action, etc.)
401
  • Missing key parameter
  • Invalid elite key
403
  • Elite key is only available for Elite plan
  • Elite key permission denied (action disabled in Elite Key Settings)
  • Elite key access denied (IP/domain blocked or not whitelisted)
404
  • App not found or disabled
  • Subscription not found
  • License not found
  • User not found
500
  • Internal server error
  • Verification failed