3x-ui3x-ui

Xray Settings

Xray configuration template, outbound management, Warp/Nord integration, and config testing. All endpoints under /panel/api/xray.

Return the Xray config template (JSON string), available inbound tags, client reverse tags, and the configured outbound test URL in one response.

POST
/panel/api/xray/

Authorization

AuthorizationBearer <token>

API token from Settings → Security → API Token. Send as Authorization: Bearer <token>.

In: header

Response Body

application/json

curl -X POST "https://example.com/panel/api/xray/"
{  "success": true,  "obj": {    "xraySetting": "{...raw xray config...}",    "inboundTags": "[\"in-443-tcp\"]",    "clientReverseTags": "[]",    "outboundTestUrl": "https://www.google.com/generate_204"  }}

Return the built-in default Xray config shipped with the panel (identical to /panel/api/setting/getDefaultJsonConfig).

GET
/panel/api/xray/getDefaultJsonConfig

Authorization

AuthorizationBearer <token>

API token from Settings → Security → API Token. Send as Authorization: Bearer <token>.

In: header

Response Body

application/json

curl -X GET "https://example.com/panel/api/xray/getDefaultJsonConfig"
{  "success": true,  "msg": "string",  "obj": null}

Return traffic statistics for every outbound. Each outbound shows up/down/total counters.

GET
/panel/api/xray/getOutboundsTraffic

Authorization

AuthorizationBearer <token>

API token from Settings → Security → API Token. Send as Authorization: Bearer <token>.

In: header

Response Body

application/json

curl -X GET "https://example.com/panel/api/xray/getOutboundsTraffic"
{  "success": true,  "msg": "string",  "obj": null}

Return the most recent Xray process stdout/stderr output. Useful to check for startup errors or runtime warnings.

GET
/panel/api/xray/getXrayResult

Authorization

AuthorizationBearer <token>

API token from Settings → Security → API Token. Send as Authorization: Bearer <token>.

In: header

Response Body

application/json

curl -X GET "https://example.com/panel/api/xray/getXrayResult"
{  "success": true,  "msg": "string",  "obj": null}

Save the Xray JSON config template and optionally the outbound test URL. Both are sent as form fields.

POST
/panel/api/xray/update

Authorization

AuthorizationBearer <token>

API token from Settings → Security → API Token. Send as Authorization: Bearer <token>.

In: header

Response Body

application/json

curl -X POST "https://example.com/panel/api/xray/update"
{  "success": true,  "msg": "string",  "obj": null}

Manage Cloudflare Warp integration. The action parameter selects the operation.

POST
/panel/api/xray/warp/{action}

Authorization

AuthorizationBearer <token>

API token from Settings → Security → API Token. Send as Authorization: Bearer <token>.

In: header

Path Parameters

action*string

data — return Warp stats (quota, remaining). del — delete Warp data. config — return current Warp config. reg — register a new Warp endpoint (sends privateKey, publicKey). license — set a Warp+ license key (sends license).

Response Body

application/json

curl -X POST "https://example.com/panel/api/xray/warp/string"
{  "success": true,  "msg": "string",  "obj": null}

Manage NordVPN integration. The action parameter selects the operation.

POST
/panel/api/xray/nord/{action}

Authorization

AuthorizationBearer <token>

API token from Settings → Security → API Token. Send as Authorization: Bearer <token>.

In: header

Path Parameters

action*string

countries — list available countries. servers — list servers in a country (sends countryId). reg — get NordVPN credentials (sends token). setKey — store NordVPN API key (sends key). data — return current NordVPN connection data. del — delete NordVPN data.

Response Body

application/json

curl -X POST "https://example.com/panel/api/xray/nord/string"
{  "success": true,  "msg": "string",  "obj": null}

Reset traffic counters for a specific outbound by tag.

POST
/panel/api/xray/resetOutboundsTraffic

Authorization

AuthorizationBearer <token>

API token from Settings → Security → API Token. Send as Authorization: Bearer <token>.

In: header

Request Body

application/json

TypeScript Definitions

Use the request body type in TypeScript.

Response Body

application/json

curl -X POST "https://example.com/panel/api/xray/resetOutboundsTraffic" \  -H "Content-Type: application/json" \  -d '{}'
{  "success": true,  "msg": "string",  "obj": null}

Test an outbound configuration. Sends the outbound JSON (required), optionally all outbounds (to resolve sockopt.dialerProxy dependencies), and a mode flag.

POST
/panel/api/xray/testOutbound

Authorization

AuthorizationBearer <token>

API token from Settings → Security → API Token. Send as Authorization: Bearer <token>.

In: header

Request Body

application/json

TypeScript Definitions

Use the request body type in TypeScript.

Response Body

application/json

curl -X POST "https://example.com/panel/api/xray/testOutbound" \  -H "Content-Type: application/json" \  -d '{}'
{  "success": true,  "msg": "string",  "obj": null}

Test a batch of outbounds (max 50) through one shared temp xray instance. Returns an array of results in input order, each with the outbound tag, delay, HTTP status and a connect/TLS/TTFB timing breakdown.

POST
/panel/api/xray/testOutbounds

Authorization

AuthorizationBearer <token>

API token from Settings → Security → API Token. Send as Authorization: Bearer <token>.

In: header

Request Body

application/json

TypeScript Definitions

Use the request body type in TypeScript.

Response Body

application/json

curl -X POST "https://example.com/panel/api/xray/testOutbounds" \  -H "Content-Type: application/json" \  -d '{}'
{  "success": true,  "msg": "string",  "obj": null}

Live state of routing balancers in the running core (RoutingService.GetBalancerInfo): current override and the targets the strategy prefers. Returns a map keyed by balancer tag.

POST
/panel/api/xray/balancerStatus

Authorization

AuthorizationBearer <token>

API token from Settings → Security → API Token. Send as Authorization: Bearer <token>.

In: header

Request Body

application/json

TypeScript Definitions

Use the request body type in TypeScript.

Response Body

application/json

curl -X POST "https://example.com/panel/api/xray/balancerStatus" \  -H "Content-Type: application/json" \  -d '{}'
{  "success": true,  "msg": "string",  "obj": null}

Force a balancer in the running core to always pick one outbound (RoutingService.OverrideBalancerTarget). Applied live without a restart; cleared automatically when Xray restarts.

POST
/panel/api/xray/balancerOverride

Authorization

AuthorizationBearer <token>

API token from Settings → Security → API Token. Send as Authorization: Bearer <token>.

In: header

Request Body

application/json

TypeScript Definitions

Use the request body type in TypeScript.

Response Body

application/json

curl -X POST "https://example.com/panel/api/xray/balancerOverride" \  -H "Content-Type: application/json" \  -d '{}'
{  "success": true,  "msg": "string",  "obj": null}

Ask the running core which outbound its router would pick for a synthetic connection (RoutingService.TestRoute). No traffic is sent.

POST
/panel/api/xray/routeTest

Authorization

AuthorizationBearer <token>

API token from Settings → Security → API Token. Send as Authorization: Bearer <token>.

In: header

Request Body

application/json

TypeScript Definitions

Use the request body type in TypeScript.

Response Body

application/json

curl -X POST "https://example.com/panel/api/xray/routeTest" \  -H "Content-Type: application/json" \  -d '{}'
{  "success": true,  "msg": "string",  "obj": null}

List all outbound subscriptions (remote URLs that supply additional outbounds), newest first.

GET
/panel/api/xray/outbound-subs

Authorization

AuthorizationBearer <token>

API token from Settings → Security → API Token. Send as Authorization: Bearer <token>.

In: header

Response Body

application/json

curl -X GET "https://example.com/panel/api/xray/outbound-subs"
{  "success": true,  "msg": "string",  "obj": null}

Create an outbound subscription. The URL is fetched, parsed into outbounds with stable tags, and merged additively into the running Xray config.

POST
/panel/api/xray/outbound-subs

Authorization

AuthorizationBearer <token>

API token from Settings → Security → API Token. Send as Authorization: Bearer <token>.

In: header

Response Body

application/json

curl -X POST "https://example.com/panel/api/xray/outbound-subs"
{  "success": true,  "msg": "string",  "obj": null}

Update an existing outbound subscription by id. Accepts the same form fields as create.

POST
/panel/api/xray/outbound-subs/{id}

Authorization

AuthorizationBearer <token>

API token from Settings → Security → API Token. Send as Authorization: Bearer <token>.

In: header

Path Parameters

id*integer

Subscription id.

Response Body

application/json

curl -X POST "https://example.com/panel/api/xray/outbound-subs/0"
{  "success": true,  "msg": "string",  "obj": null}

Delete an outbound subscription by id.

DELETE
/panel/api/xray/outbound-subs/{id}

Authorization

AuthorizationBearer <token>

API token from Settings → Security → API Token. Send as Authorization: Bearer <token>.

In: header

Path Parameters

id*integer

Subscription id.

Response Body

application/json

curl -X DELETE "https://example.com/panel/api/xray/outbound-subs/0"
{  "success": true,  "msg": "string",  "obj": null}

Delete an outbound subscription by id (POST alias of DELETE for axios-friendly clients).

POST
/panel/api/xray/outbound-subs/{id}/del

Authorization

AuthorizationBearer <token>

API token from Settings → Security → API Token. Send as Authorization: Bearer <token>.

In: header

Path Parameters

id*integer

Subscription id.

Response Body

application/json

curl -X POST "https://example.com/panel/api/xray/outbound-subs/0/del"
{  "success": true,  "msg": "string",  "obj": null}

Force an immediate re-fetch of the subscription and return the parsed outbounds. Signals Xray to reload.

POST
/panel/api/xray/outbound-subs/{id}/refresh

Authorization

AuthorizationBearer <token>

API token from Settings → Security → API Token. Send as Authorization: Bearer <token>.

In: header

Path Parameters

id*integer

Subscription id.

Response Body

application/json

curl -X POST "https://example.com/panel/api/xray/outbound-subs/0/refresh"
{  "success": true,  "msg": "string",  "obj": null}

Reorder a subscription one step up or down in priority (controls its position in the merged outbounds).

POST
/panel/api/xray/outbound-subs/{id}/move

Authorization

AuthorizationBearer <token>

API token from Settings → Security → API Token. Send as Authorization: Bearer <token>.

In: header

Path Parameters

id*integer

Subscription id.

Response Body

application/json

curl -X POST "https://example.com/panel/api/xray/outbound-subs/0/move"
{  "success": true,  "msg": "string",  "obj": null}

Preview a subscription URL: fetch and parse it into outbounds without persisting anything.

POST
/panel/api/xray/outbound-subs/parse

Authorization

AuthorizationBearer <token>

API token from Settings → Security → API Token. Send as Authorization: Bearer <token>.

In: header

Response Body

application/json

curl -X POST "https://example.com/panel/api/xray/outbound-subs/parse"
{  "success": true,  "msg": "string",  "obj": null}