Applications
Manage applications, settings, runtime API keys, and license levels.
Application routes use /api/v1/panel and accept Management API key authentication
unless a note says otherwise.
Routes that include applicationId require both the listed scope and access to that
application.
Get applications
GET /api/v1/panel/get-applications
Required scope: applications:read
curl "https://api.blazeauth.net/api/v1/panel/get-applications" \
-H "Authorization: Bearer $BLAZEAUTH_MANAGEMENT_API_KEY"{
"success": true,
"message": "Successfully fetched applications",
"data": [
{
"id": "123456789",
"name": "Desktop Client",
"applicationApiKeys": {
"socketKey": "sock_example_key",
"httpKey": "http_example_key",
"updatedAt": "2026-05-12T09:00:00.000Z"
}
}
]
}When the key is restricted to selected applications, the response is filtered to those applications.
Create application
POST /api/v1/panel/create-application
Required scope: applications:create
The key must have all-application access. Selected-application keys cannot create new applications.
curl "https://api.blazeauth.net/api/v1/panel/create-application" \
-X POST \
-H "Authorization: Bearer $BLAZEAUTH_MANAGEMENT_API_KEY" \
-H "Content-Type: application/json" \
-d '{ "name": "Desktop Client" }'| Field | Type | Required | Notes |
|---|---|---|---|
name | string | Yes | 6-32 characters. |
{
"success": true,
"message": "Successfully create application"
}Create application license levels
POST /api/v1/panel/create-application-license-levels
Required scope: applications:update
curl "https://api.blazeauth.net/api/v1/panel/create-application-license-levels?applicationId=123456789" \
-X POST \
-H "Authorization: Bearer $BLAZEAUTH_MANAGEMENT_API_KEY" \
-H "Content-Type: application/json" \
-d '{ "levels": ["basic", "pro"] }'| Field | Location | Type | Required | Notes |
|---|---|---|---|---|
applicationId | query | string | Yes | Target application id. |
levels | body | string[] | Yes | At least one level. Each level is 1-16 characters after trimming. Values must be unique. |
{
"success": true,
"message": "License levels save successfully"
}Get application license levels
GET /api/v1/panel/get-application-license-levels
Required scope: applications:read
curl "https://api.blazeauth.net/api/v1/panel/get-application-license-levels?applicationId=123456789" \
-H "Authorization: Bearer $BLAZEAUTH_MANAGEMENT_API_KEY"{
"success": true,
"message": "Successfully fetched application license levels",
"data": ["basic", "pro"]
}Update application settings
PATCH /api/v1/panel/update-application-settings
Required scope: applications:update
curl "https://api.blazeauth.net/api/v1/panel/update-application-settings?applicationId=123456789" \
-X PATCH \
-H "Authorization: Bearer $BLAZEAUTH_MANAGEMENT_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"field": "status",
"value": "paused"
}'| Field | Location | Type | Required | Notes |
|---|---|---|---|---|
applicationId | query | string | Yes | Target application id. |
field | body | string | Yes | One of applicationLicenseRequiresClientId, applicationUserRequiresClientId, applicationUserRequiresLicense, version, status. |
value | body | boolean | string | Yes | Boolean for the three Requires... fields, string for version, online or paused for status. |
Changing status to paused notifies live clients. Changing version notifies live
clients about the version update.
{
"success": true,
"message": "Successfully update application settings"
}Update API keys
PATCH /api/v1/panel/update-api-keys
Required scope: applications:update
This rotates application runtime API keys (socketKey or httpKey). It does not rotate
Management API keys.
Rate limit: 2 rotations per hour.
curl "https://api.blazeauth.net/api/v1/panel/update-api-keys?applicationId=123456789" \
-X PATCH \
-H "Authorization: Bearer $BLAZEAUTH_MANAGEMENT_API_KEY" \
-H "Content-Type: application/json" \
-d '{ "type": "socketKey" }'| Field | Location | Type | Required | Notes |
|---|---|---|---|---|
applicationId | query | string | Yes | Target application id. |
type | body | string | Yes | socketKey or httpKey. |
{
"success": true,
"message": "Successfully update api key"
}Get application settings
GET /api/v1/panel/get-application-settings
Required scope: applications:read
curl "https://api.blazeauth.net/api/v1/panel/get-application-settings?applicationId=123456789" \
-H "Authorization: Bearer $BLAZEAUTH_MANAGEMENT_API_KEY"{
"success": true,
"message": "Successfully fetched application settings",
"data": {
"applicationLicenseRequiresClientId": true,
"applicationUserRequiresClientId": false,
"applicationUserRequiresLicense": true,
"version": "1.2.0",
"status": "online"
}
}Delete application
DELETE /api/v1/panel/delete-application
Required scope: applications:delete
curl "https://api.blazeauth.net/api/v1/panel/delete-application" \
-X DELETE \
-H "Authorization: Bearer $BLAZEAUTH_MANAGEMENT_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"applicationId": "123456789",
"code": ""
}'| Field | Type | Required | Notes |
|---|---|---|---|
applicationId | string | Yes | Application to delete. |
code | string | Yes | Required by the current schema. For Management API key auth it is ignored, so send an empty string. Dashboard sessions with 2FA must send a valid 6-digit code. |
Deleting an application removes application-owned resources and notifies connected clients.
{
"success": true,
"message": "Application deleted successfully"
}