Endpoints
Current Management API endpoint groups and required scopes.
All paths below are relative to https://api.blazeauth.net.
Use the linked resource pages for request fields, response fields, and examples.
Applications
| Method | Path | Scope |
|---|---|---|
GET | /api/v1/panel/get-applications | applications:read |
POST | /api/v1/panel/create-application | applications:create |
POST | /api/v1/panel/create-application-license-levels | applications:update |
GET | /api/v1/panel/get-application-license-levels | applications:read |
PATCH | /api/v1/panel/update-application-settings | applications:update |
PATCH | /api/v1/panel/update-api-keys | applications:update |
GET | /api/v1/panel/get-application-settings | applications:read |
DELETE | /api/v1/panel/delete-application | applications:delete |
Licenses
Each endpoint that accepts applicationId also checks application access.
| Method | Path | Scope |
|---|---|---|
GET | /api/v1/panel/get-licenses-metadata | licenses:read |
GET | /api/v1/panel/get-licenses-table | licenses:read |
POST | /api/v1/panel/create-licenses | licenses:create |
PATCH | /api/v1/panel/edit-licenses | licenses:update |
POST | /api/v1/panel/license-action | licenses:update or licenses:delete |
App Users
| Method | Path | Scope |
|---|---|---|
GET | /api/v1/panel/get-users-metadata | app_users:read |
GET | /api/v1/panel/get-users-table | app_users:read |
POST | /api/v1/panel/create-user | app_users:create |
PATCH | /api/v1/panel/edit-user | app_users:update |
POST | /api/v1/panel/users-action | app_users:update or app_users:delete |
Blacklists
| Method | Path | Scope |
|---|---|---|
GET | /api/v1/panel/get-blacklist-metadata | blacklists:read |
GET | /api/v1/panel/get-blacklist-table | blacklists:read |
POST | /api/v1/panel/create-blacklist | blacklists:create |
PATCH | /api/v1/panel/edit-blacklist | blacklists:update |
POST | /api/v1/panel/blacklist-action | blacklists:delete |
Variables
| Method | Path | Scope |
|---|---|---|
GET | /api/v1/panel/get-variables | variables:read |
POST | /api/v1/panel/create-variable | variables:create |
PATCH | /api/v1/panel/edit-variable | variables:update |
DELETE | /api/v1/panel/delete-variable | variables:delete |
Files
| Method | Path | Scope |
|---|---|---|
POST | /api/v1/panel/get-presigned-upload-url | files:upload |
POST | /api/v1/panel/check-file-name | files:upload |
GET | /api/v1/panel/check-file-uploaded-status | files:upload |
GET | /api/v1/panel/get-files-metadata | files:read |
GET | /api/v1/panel/get-files-table | files:read |
POST | /api/v1/panel/file-action | files:delete |
Live Sessions
| Method | Path | Scope |
|---|---|---|
GET | /api/v1/wss/get-application-sessions | sessions:read |
| WebSocket | /api/v1/wss/get-application-sessions | sessions:read |
| WebSocket message | disconnect_session | sessions:disconnect |
Account
| Method | Path | Scope |
|---|---|---|
GET | /api/v1/panel/get-account-limits | account:read |
Management API Keys
These routes are session-only. They are listed here because they manage the feature, but they do not accept Management API key authentication.
| Method | Path | Authentication |
|---|---|---|
GET | /api/v1/panel/api-keys | Dashboard session |
POST | /api/v1/panel/api-keys | Dashboard session |
PATCH | /api/v1/panel/api-keys/:id | Dashboard session |
POST | /api/v1/panel/api-keys/:id/revoke | Dashboard session |
Billing, authentication settings, account deletion, and Management API key management remain dashboard-session-only.