LeetAuth API


Here, we explain how to use our website in order to have a secure app.
Below you will find a few pictures with some text explaining exactly why and where you should use certain features + giving you a better insight into our frontend system.


After you purchase you license key through our web shop, you can head over to our website at: https://leet-auth.dev and press the login button in the top right corner. After doing so, you will be greeted by our web management panel. In the navigation bar you can choose between Login or Register, if you already have an account you may skip this step.

  1. 1.
    Fill in your username, password and email as well as your license key
  2. 2.
    Press submit and wait for the response, if a username is already in use the site will tell you so
Usernames are unique and in case any errors occur, your license key will not marked as invalid by our system until you have successfully registered your account


After you have registered, you may proceed to login. At login you may wonder why you have to select a method? We provide 2 type of accounts.

  • Developer: users that have purchased a license from us and wish to create and sell apps
  • API Key: every app can generate access keys, so called API Keys, with pre-defined permissions and have its admins or moderators even resellers make use of the system.

Choose the method that fits you and press the submit button once you have entered your credentials.

API keys require the application ID which can be found in the "Apps" tab after login, make sure to provide your users with that when your generate an API key


Picture of the first page you see after login

After you have logged in, you will be redirected to your management interface. In the navigation bar you can see following options:

  • Apps
  • Keys
  • Files
  • Licenses
  • Variables
  • Users
  • Logout

In this part of the guide we will be focusing on the "Apps" so go ahead and click that.

Apps tab in the web panel

This is what it will look like if you have no existing apps. Press the green button at the bottom right of the page to create an application. And fill in the applications name.

Application Settings

If the creation of your application has been successful this is what you will now see. Each row of the application table includes following columns

  • Public ID: this is your so called app ID used for every request related directly to your app
  • Name: this is the name that you have entered when creating the application
  • Enabled: this is the applications status, this can be changed by clicking the settings right next to it
  • Settings button (cyan button with a gear inside): this is the button used to manage and show your applications settings
  • Delete button (red button with a trash bin inside): clicking this will prompt you to confirm the removal of your application from our servers
Pressing the delete button by accident may happen. Our server only wipes the data 72 hours after the users request to prevent accidental data lost. If you have accidentally pressed it and confirmed it, feel free to contact us withing 72 hours and we will restore your application.

If you wish to manage your applications settings, press the gear icon next to Enabled and you will see following window pop up. Here you can do following actions:

  • Toggle its status Enabled/Disabled, when disabling you have to provide a reason which your users will be able to see when trying to login.
  • Need HWID? This options allows your to enabled HWID checks, only recommended to be used in Desktop apps that can get a unique identifier of the system, these checks can prevent sharing to some extent.
  • Verify checksum? This option helps you combat unpacking, cracking and byte patching attacks against your application, you may choose any hashing algorithm you wish and set your production applications exact hash after compiling. This is also only recommended to be used in Desktop apps.
  • Reset Keypair. Our system generates a JWT(JsonWebToken) for every user when they login, that token expires after 90 minutes and can not be invalidated manually by anyone, however pressing this button will reset the ECDSA key-pair used to generate those, meaning any token generated before this will no longer be valid. This can also be nick named the log out button.

API Keys

What are API keys?

API keys are simply put, credentials for non-owner accounts of applications. These keys can be generated and given to anyone due to our permission settings which allow you to create reseller, moderator or even adminstrative API keys.

How do I create API keys?

After creating your first app, you can start adding administrators or moderators to your application. Press the Keys button in the navigation bar, select your App ID from the drop-down and press the green button at the bottom right. This prompt requires following inputs:

  • API Key: this should be as unique as possible to prevent brute force attempts
  • Expires at: set the date and time at which the API key will no longer work
  • Permissions: permission level of the api key (read below for a in depth look at how permissions work)
  • Notes: this can only be seen by people with access to this tab, it could for example say "Key of my friend from Discord"

Permission Levels


LeetAuth allows users to store a limited amount of files up to a maximum size depending on their plan. These values can be seen in our main site as well as soon in the Profile tab. These files can only be downloaded by your applications, after the users have logged in. To upload files head over to the Files tab in the navigation bar, select your App ID, press Browse and select the file you wish to upload

Uploading large files may take a few seconds/minutes depending on your internet connection so be patient and wait for it to say "Sucessfully uploaded file"

To download a file, look at our code examples or at the raw API example in Post-Auth

License Keys

In order to have users access your application you can, of course manually add every customer to your application... but we see no reason to do so. With license keys you can generate as many license keys as needed and sell them to users (this even allows you to sell access through e-commerce sites like Shopify, Shoppy or Sellix). Following fields are required:

  • Plan
  • Valid for: this allows you to specify how much time the users access will last after registering with the said key
  • Amount of licenses: this number can range from 1 to as many as are needed

By the time you are reading this documentation we probably implemented a way for you to easier copy big amounts of license keys.

License keys are generated by us to ensure security. We use crypto-random algorithms to ensure that every key will be unique
Plan is a type of variable that can be anything you need it to be, this value will be returned by the server after a successful login and can be used by you or your appplication in any way you desire


What are variables?

LeetAuth allows developers to create and manage as many server-side variables as they wish, no matter what their plan is. With variables you have a secure way of accessing certain key value pairs stored and secured by us, these can be different things that you want to hide from your application until the user logs in or maybe even stuff that you just do not need/want to hard code inside your client

How do I create and use them?

To create variables, press the Variables button in your navigation bar, select your app id and then press the green button at the bottom right of your screen. A pop up window will appear, fill in the variables name and the value. To get the variables feel free to look at the raw API endpoints or at our code examples.


Creating users

User management is the core function of our system, that is why you have hopefully chosen us, so we have decided to leave the best at last. Managing users has never been as easy as with LeetAuth. We do not recommend to manually add a user due to password security and all that data stuff :D. License keys are the most secure way of dealing with user registration. But in case you still wish to manually add users: click the Users button in the navigation bar, select your App ID and press the green button at the bottom right. The fields seen here are self explanatory but for Plan and Expires at feel free to also look at the license creation above.

Managing users

After creating your user in case you did not already have some, you will quickly how easy it is to manage and see the users. Lets start off with the fields:

  • ID: this ID is a unique ObjectID generated by our database system, it is irrelevant to you but you can use it to request administrative help in case any issues should occur
  • Username: this is the username that the user uses when logging in together with his password
  • HWID: in case any HWID is set/required this is where you will be able to see it. HWID is not changeable, only resetable by clicking the cyan button on the right.
  • Plan: this is the plan set by you / assigned by the license key and this can be used to define more user specific restrictions on your backend system
  • Active until: This timestamp tells you exactly when that user will get a "Plan expired" error unless he renews his account access
  • Last Login: this is just a statistics feature that shows when a user has last logged in.
  • Joined At: this jusst shows you the exact timestamp at which the user has registered / was added to your service.

Just like the chapter name says, now we will show you how to manage your users.

These are the options that you can edit at any time:

  • Email address
  • Password
  • Plan
  • Expiry date
  • Ban status

To get this pop up, simply press the yelllow button on the right side of the specific user you wish to update.