V2 Validation API Endpoints

PandaAuth Validation Endpoints

⚠️ Disclaimer & Best Practices

  • Use at Your Own Risk: Direct interaction with these endpoints requires careful implementation. Panda Development provides these specifications as-is and may offer limited support for custom client implementations.

  • Security: You are responsible for how you handle keys, HWIDs, and API responses, especially in client-side applications.

  • Endpoint Updates: API endpoints or response structures may change. Monitor official channels for any announcements.

  • Rate Limiting: Be mindful of API rate limits. Avoid making an excessive number of requests.

🔑 Core Concepts

  • Service Identifier (serviceId): A unique string identifying your application.

  • License Key (key): The user-specific key.

  • Hardware ID (hwid): An identifier for the user's machine/environment.

  • HTTP GET Requests: All interactions are via HTTP GET.

  • JSON Responses: The API primarily responds with JSON.

➡️ Endpoints

1. Key Validation Endpoint

Use this endpoint to check if a license key is valid for a given service and hardware ID.

  • URL: https://pandadevelopment.net/v2_validation

  • Method: GET

  • Query Parameters:

    • key: (string, required) The license key to validate.

    • service: (string, required) Your unique service identifier.

    • hwid: (string, required) The user's Hardware ID.

  • How to Use:

    1. Construct the full request URL by appending the query parameters.

      • Example: https://pandadevelopment.net/v2_validation?key=USER_KEY_HERE&service=YOUR_SERVICE_ID&hwid=USER_HWID_HERE

      • Ensure all parameter values are properly URL-encoded.

    2. Send an HTTP GET request to this constructed URL.

    3. The server will respond with an HTTP status code and a JSON body.

  • Interpreting the Response:

    • Successful Validation (HTTP 200 OK): The JSON body will contain:

      {
    "V2_Authentication": "success",
    "key_value": "USER_KEY_HERE",
    "is_premium": false, // or true
    "expires_on": "YYYY-MM-DD HH:MM:SS", // Example
    "message": "Authenticated successfully."
    // ... other potential key details
}

      Check V2_Authentication == "success".

    • Failed Validation (HTTP 200 OK, error in JSON): The JSON body will indicate failure:

      {
    "V2_Authentication": "failed", // or "invalid_key", "expired", etc.
    "reason": "Invalid key provided.", // Specific reason
    "message": "Authentication failed."
}

      Check V2_Authentication for non-"success" values and inspect the reason field.

    • API/HTTP Errors (Non-200 OK status codes): If you receive an HTTP status like 400, 401, 403, 500, etc., this indicates an issue with the request itself (e.g., malformed, missing parameters, invalid service ID not tied to key validity) or a server-side problem. The response body might contain a JSON object with an error description.

2. Get Key Link Endpoint

Use this endpoint to obtain a URL that directs users to a page where they can get a new license key for your service, often associated with their HWID.

  • URL: https://pandadevelopment.net/getkey

  • Method: GET

  • Query Parameters:

    • service: (string, required) Your unique service identifier.

    • hwid: (string, required) The user's Hardware ID.

  • How to Use:

    1. Construct the full request URL by appending the query parameters.

      • Example: https://pandadevelopment.net/getkey?service=YOUR_SERVICE_ID&hwid=USER_HWID_HERE

      • Ensure all parameter values are properly URL-encoded.

    2. Send an HTTP GET request to this constructed URL.

  • Interpreting the Response:

    • Successful Retrieval (HTTP 200 OK): The body of the HTTP response itself will be the plain text URL string that the user should visit. It is not typically a JSON response.

      • Example Response Body (Plain Text): https://pandakeyportal.example.com/acquire?service=YOUR_SERVICE_ID&hwid_token=TOKEN_FOR_HWID

    • API/HTTP Errors (Non-200 OK status codes): If you receive an HTTP status like 400, 403, 500, etc., this indicates an issue with the request or a server-side problem. The response body might contain more details.

✨ General Considerations

  • URL Encoding: Always URL-encode any user-provided data or special characters used in query parameter values (e.g., the key, serviceId, hwid).

  • Content Type: While you are sending GET requests (which don't have a request body content type), be prepared to parse application/json for the Validation Endpoint response, and text/plain (or similar, check Content-Type header) for the Get Key Link Endpoint.

  • Security of HWID: The effectiveness of HWID-locking depends on how unique and difficult-to-spoof your HWID generation method is on the client-side.

  • Error Handling: Your application should gracefully handle various HTTP status codes and be able to parse error messages from the JSON responses or plain text bodies.

This guide outlines the direct HTTP interactions required to use the Panda Development V2 API endpoints.

PreviousGolangNextPanda Auth API Documentation

Last updated