3x-uiAuthentication
Two authentication modes are supported. UI sessions use a cookie set by the login endpoint. Programmatic clients (bots, scripts, remote panels) authenticate with a Bearer token taken from Settings → Security → API Token. Both work for every endpoint under /panel/api/*.
API token from Settings → Security → API Token. Send as Authorization: Bearer <token>.
In: header
Request Body
application/json
TypeScript Definitions
Use the request body type in TypeScript.
Response Body
application/json
application/json
curl -X POST "https://example.com/login" \ -H "Content-Type: application/json" \ -d '{ "username": "admin", "password": "admin", "twoFactorCode": "123456" }'{ "success": true, "msg": "Logged in successfully"}{ "success": false, "msg": "Wrong username or password"}API token from Settings → Security → API Token. Send as Authorization: Bearer <token>.
In: header
Response Body
application/json
curl -X POST "https://example.com/logout"{ "success": true}API token from Settings → Security → API Token. Send as Authorization: Bearer <token>.
In: header
Response Body
application/json
curl -X GET "https://example.com/csrf-token"{ "success": true, "obj": "csrf-token-string"}API token from Settings → Security → API Token. Send as Authorization: Bearer <token>.
In: header
Response Body
application/json
curl -X POST "https://example.com/getTwoFactorEnable"{ "success": true, "obj": false}