Overview

Use Management API keys to call Blazeauth dashboard HTTP APIs from backend services.

Management API keys let your server call Blazeauth management endpoints without a browser session. They are separate from application WebSocket/API keys used by your client application at runtime.

Availability

Management API keys are available starting from the Basic plan. Free accounts cannot create keys.

Base URLs

Production examples use:

https://api.blazeauth.net

Panel routes are under /api/v1/panel. Live session management routes are under /api/v1/wss.

What they are for

  • Server-side automation for applications, licenses, app users, blacklists, variables, files, and live sessions.
  • Scoped access so one integration can be read-only while another can create or update resources.
  • Optional application restrictions so a key can be limited to selected applications.

What they cannot do

Management API keys cannot manage billing, password, email, two-factor authentication, account deletion, or other Management API keys.

Routes for creating, updating, and revoking Management API keys are documented here because they are part of the feature, but they require dashboard session authentication. You cannot call those routes with a Management API key.

Response shape

Most endpoints return the same success envelope:

{
  "success": true,
  "message": "Successfully fetched applications",
  "data": []
}

Some legacy panel endpoints return the payload outside data, for example createdLicenses or totalPages. The endpoint reference pages call those cases out.

Errors return:

{
  "success": false,
  "code": "insufficient_scope",
  "message": "Insufficient API key scope."
}

See Errors for common codes.

Identifiers and dates

Resource identifiers are large integer ids. Treat them as strings in JavaScript clients to avoid precision loss.

Date/time fields are returned as ISO 8601 strings unless a page explicitly documents a numeric timestamp. Live session rows use numeric timestamps from the session service.

Common query patterns

Table endpoints use currentPage and optional searchParams. searchParams is a JSON string, URL-encoded in the query string:

searchParams=%7B%22searchString%22%3A%22john%22%2C%22categories%22%3A%5B%22Login%22%5D%7D

Live session endpoints use page, pageSize, searchString, and categories.

Quick start

curl "https://api.blazeauth.net/api/v1/panel/get-applications" \
  -H "Authorization: Bearer $BLAZEAUTH_MANAGEMENT_API_KEY"

Then choose the detailed page for the resource you want to manage:

Applications

Application records, settings, runtime keys, and license levels.

Licenses

License tables, creation, editing, and bulk/single actions.

App users

Application user tables, creation, editing, and actions.

Live sessions

HTTP session listing and WebSocket management stream.

Authentication

Authenticate Management API requests with a Bearer token.

On this page

Base URLsWhat they are forWhat they cannot doResponse shapeIdentifiers and datesCommon query patternsQuick start