3x-ui

API Tokens

Manage the Bearer tokens used for programmatic authentication (bots, central panels acting on this node, CI). Each token has a unique name and an enabled flag: disable a token to revoke it without deleting it, or delete it to revoke it permanently. Tokens are stored as SHA-256 hashes, and the plaintext is returned only once, in the create response. It cannot be retrieved afterwards, so copy it then. Send a token as Authorization: Bearer <token> on any /panel/api/* request. Every token is a full-admin credential.

GET
/panel/api/setting/apiTokens

Authorization

Authorization: Bearer <token>

API token from Settings → Security → API Token. Send as Authorization: Bearer <token>.

In: header

Response Body

application/json

curl -X GET "https://example.com/panel/api/setting/apiTokens" \
  -H "Authorization: Bearer <token>"

{
  "success": true,
  "obj": [
    {
      "id": 1,
      "name": "default",
      "enabled": true,
      "createdAt": 1736000000
    }
  ]
}

POST
/panel/api/setting/apiTokens/create

Authorization

Authorization: Bearer <token>

API token from Settings → Security → API Token. Send as Authorization: Bearer <token>.

In: header

Request Body

application/json

Response Body

application/json

application/json

curl -X POST "https://example.com/panel/api/setting/apiTokens/create" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "central-panel-a"
  }'

{
  "success": true,
  "obj": {
    "createdAt": 1736000000,
    "enabled": true,
    "id": 2,
    "name": "central-panel-a",
    "token": "new-token-string"
  }
}

{
  "success": false,
  "msg": "a token with that name already exists"
}

POST
/panel/api/setting/apiTokens/delete/{id}

Authorization

Authorization: Bearer <token>

API token from Settings → Security → API Token. Send as Authorization: Bearer <token>.

In: header

Path Parameters

id* (integer)

Token row ID.

Response Body

application/json

curl -X POST "https://example.com/panel/api/setting/apiTokens/delete/0" \
  -H "Authorization: Bearer <token>"

{
  "success": true
}

POST
/panel/api/setting/apiTokens/setEnabled/{id}

Authorization

Authorization: Bearer <token>

API token from Settings → Security → API Token. Send as Authorization: Bearer <token>.

In: header

Path Parameters

id* (integer)

Token row ID.

Request Body

application/json

Response Body

application/json

curl -X POST "https://example.com/panel/api/setting/apiTokens/setEnabled/0" \
  -H "Authorization: Bearer <token>" \
  -H "Content-Type: application/json" \
  -d '{
    "enabled": false
  }'

{
  "success": true
}
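
Token rotation built from the endpoints above, as an added example (not code from the 3x-ui project): create the replacement, prove it authenticates, then disable the old token using the new one. The names rotate, http_call and base_url are hypothetical, and the code assumes the panel answers with the JSON envelopes shown on this page.

```python
import json
import urllib.request

API = "/panel/api/setting/apiTokens"

def http_call(base_url, token, method, path, body=None):
    """Send one JSON request with the Bearer token and decode the reply."""
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(base_url + path, data=data, method=method)
    req.add_header("Authorization", f"Bearer {token}")
    if data is not None:
        req.add_header("Content-Type", "application/json")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def rotate(base_url, old_token, old_name, new_name, call=http_call):
    """Replace the token named old_name; return the new plaintext token."""
    made = call(base_url, old_token, "POST", API + "/create", {"name": new_name})
    if not made.get("success"):
        raise RuntimeError(made.get("msg", "create failed"))
    # The plaintext exists only in this response; the panel keeps a hash.
    new_token = made["obj"]["token"]

    # Prove the new credential authenticates before touching the old one.
    listed = call(base_url, new_token, "GET", API)
    if not listed.get("success"):
        raise RuntimeError("new token rejected; old token left enabled")
    old = [t for t in listed["obj"] if t["name"] == old_name]
    if len(old) != 1:
        raise RuntimeError(f"expected exactly one token named {old_name!r}")

    # Disable (reversible) rather than delete, and do it with the NEW token
    # so the call never depends on the credential being revoked.
    off = call(base_url, new_token, "POST",
               f"{API}/setEnabled/{old[0]['id']}", {"enabled": False})
    if not off.get("success"):
        raise RuntimeError(off.get("msg", "disable failed"))
    return new_token
```

Once every consumer has switched to the new token, call the delete endpoint with the old row ID to make the revocation permanent.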