Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/calagopus/panel/llms.txt

Use this file to discover all available pages before exploring further.

The account endpoints under /api/client/account let you read and update your own profile, manage API keys, configure two-factor authentication, and review active sessions.

Get account

Returns the full profile of the authenticated user. 
GET /api/client/account
user
object
The authenticated user’s profile.
curl https://your-panel.example.com/api/client/account \
  -H "Authorization: Bearer ptlc_YourKey"

Update account

Updates profile fields for the authenticated user. All fields are optional; only provided fields are changed. 
PATCH /api/client/account
username
string
New username. 3–15 characters, alphanumeric and underscores only.
name_first
string
First name. 2–255 characters.
name_last
string
Last name. 2–255 characters.
language
string
UI language code. 2–15 characters. Only accepted if the panel allows language changes.
toast_position
string
Notification position. One of top_left, top_center, top_right, bottom_left, bottom_center, bottom_right.
start_on_grouped_servers
boolean
Whether the server list opens in grouped view by default.
Required permission: account.infos

Change password

Updates the account password. Requires the current password for verification. 
POST /api/client/account/password
current_password
string
required
The account’s current password.
password
string
required
The new password.
password_confirmation
string
required
Must match password.
Required permission: account.password

Logout

Destroys the current session (when authenticated via session cookie). 
POST /api/client/account/logout

API keys

List API keys

GET /api/client/account/api-keys
page
integer
default:"1"
Page number.
per_page
integer
default:"10"
Items per page.
search
string
Filter by key name.
Required permission: api-keys.read
api_keys
object (paginated)
List of API key objects.

Create an API key

POST /api/client/account/api-keys
name
string
required
Key name. 3–31 characters.
allowed_ips
string[]
required
Allowed IP addresses or CIDR ranges. Empty array allows all IPs.
user_permissions
string[]
required
User-level permissions to grant. Must be a subset of your own permissions.
admin_permissions
string[]
required
Admin-level permissions to grant. Must be a subset of your own permissions.
server_permissions
string[]
required
Server-level permissions to grant. Must be a subset of your own permissions.
expires
string
Optional ISO 8601 expiry datetime. Must be in the future.
Required permission: api-keys.create The response includes a key field with the full API key value. This is returned only once. 
{
  "api_key": { "uuid": "...", "name": "my-key", ... },
  "key": "ptlc_YourNewKeyHere"
}

Delete an API key

DELETE /api/client/account/api-keys/{api_key}
api_key
string
required
UUID of the API key to delete.
Required permission: api-keys.delete

Two-factor authentication

Begin 2FA setup

Generates a TOTP secret and OTP URL to display as a QR code. 
GET /api/client/account/two-factor
otp_url
string
otpauth:// URL to encode as a QR code for authenticator apps.
secret
string
Base32-encoded TOTP secret for manual entry.
Returns 409 Conflict if 2FA is already enabled. Required permission: account.two-factor

Enable 2FA

Confirms the TOTP setup with the first valid code. 
POST /api/client/account/two-factor
code
string
required
6-digit TOTP code from your authenticator app.
password
string
required
Current account password for verification.
Returns a list of recovery codes on success. Save these codes securely. 
{
  "recovery_codes": ["AAAA-BBBB-CCCC", "DDDD-EEEE-FFFF", "..."]
}
Required permission: account.two-factor

Disable 2FA

DELETE /api/client/account/two-factor
code
string
required
Either a 6-digit TOTP code or a 10-character recovery code.
password
string
required
Current account password.
Required permission: account.two-factor

Sessions

List sessions

GET /api/client/account/sessions
Returns all active sessions for the account, including IP address, user agent, and last-used time.

Revoke a session

DELETE /api/client/account/sessions/{session}
session
string
required
UUID of the session to revoke.

Build docs developers (and LLMs) love

Get started for freeTalk to us