Here, we explain how to use our website in order to have a secure app.
Below you will find a few pictures with some text explaining exactly why and where you should use certain features + giving you a better insight into our frontend system.
After you purchase you license key through our web shop, you can head over to our website at: https://leet-auth.dev and press the login button in the top right corner. After doing so, you will be greeted by our web management panel. In the navigation bar you can choose between Login or Register, if you already have an account you may skip this step.
- 1.Fill in your username, password and email as well as your license key
- 2.Press submit and wait for the response, if a username is already in use the site will tell you so
- Developer: users that have purchased a license from us and wish to create and sell apps
- API Key: every app can generate access keys, so called API Keys, with pre-defined permissions and have its admins or moderators even resellers make use of the system.
Picture of the first page you see after login
Apps tab in the web panel
- Public ID: this is your so called app ID used for every request related directly to your app
- Name: this is the name that you have entered when creating the application
- Enabled: this is the applications status, this can be changed by clicking the settings right next to it
- Settings button (cyan button with a gear inside): this is the button used to manage and show your applications settings
- Delete button (red button with a trash bin inside): clicking this will prompt you to confirm the removal of your application from our servers
- Toggle its status Enabled/Disabled, when disabling you have to provide a reason which your users will be able to see when trying to login.
- Need HWID? This options allows your to enabled HWID checks, only recommended to be used in Desktop apps that can get a unique identifier of the system, these checks can prevent sharing to some extent.
- Verify checksum? This option helps you combat unpacking, cracking and byte patching attacks against your application, you may choose any hashing algorithm you wish and set your production applications exact hash after compiling. This is also only recommended to be used in Desktop apps.
- Reset Keypair. Our system generates a JWT(JsonWebToken) for every user when they login, that token expires after 90 minutes and can not be invalidated manually by anyone, however pressing this button will reset the ECDSA key-pair used to generate those, meaning any token generated before this will no longer be valid. This can also be nick named the log out button.
- API Key: this should be as unique as possible to prevent brute force attempts
- Expires at: set the date and time at which the API key will no longer work
- Permissions: permission level of the api key (read below for a in depth look at how permissions work)
- Notes: this can only be seen by people with access to this tab, it could for example say "Key of my friend from Discord"
LeetAuth allows users to store a limited amount of files up to a maximum size depending on their plan. These values can be seen in our main site as well as soon in the Profile tab. These files can only be downloaded by your applications, after the users have logged in. To upload files head over to the Files tab in the navigation bar, select your App ID, press Browse and select the file you wish to upload
In order to have users access your application you can, of course manually add every customer to your application... but we see no reason to do so. With license keys you can generate as many license keys as needed and sell them to users (this even allows you to sell access through e-commerce sites like Shopify, Shoppy or Sellix). Following fields are required:
- Valid for: this allows you to specify how much time the users access will last after registering with the said key
- Amount of licenses: this number can range from 1 to as many as are needed
LeetAuth allows developers to create and manage as many server-side variables as they wish, no matter what their plan is. With variables you have a secure way of accessing certain key value pairs stored and secured by us, these can be different things that you want to hide from your application until the user logs in or maybe even stuff that you just do not need/want to hard code inside your client
User management is the core function of our system, that is why you have hopefully chosen us, so we have decided to leave the best at last. Managing users has never been as easy as with LeetAuth. We do not recommend to manually add a user due to password security and all that data stuff :D. License keys are the most secure way of dealing with user registration. But in case you still wish to manually add users: click the Users button in the navigation bar, select your App ID and press the green button at the bottom right. The fields seen here are self explanatory but for Plan and Expires at feel free to also look at the license creation above.
- ID: this ID is a unique ObjectID generated by our database system, it is irrelevant to you but you can use it to request administrative help in case any issues should occur
- Username: this is the username that the user uses when logging in together with his password
- HWID: in case any HWID is set/required this is where you will be able to see it. HWID is not changeable, only resetable by clicking the cyan button on the right.
- Plan: this is the plan set by you / assigned by the license key and this can be used to define more user specific restrictions on your backend system
- Active until: This timestamp tells you exactly when that user will get a "Plan expired" error unless he renews his account access
- Last Login: this is just a statistics feature that shows when a user has last logged in.
- Joined At: this jusst shows you the exact timestamp at which the user has registered / was added to your service.
- Email address
- Expiry date
- Ban status