Client API reference (1.2)

KeyAuth-compatible: existing KeyAuth SDKs work when you point url to Ghotz and use your app credentials. See KeyAuth → Ghotz migration.

Base URL (POST, application/x-www-form-urlencoded or form fields):

https://keyghotz.space/api/1.2/

Every request needs your app identity:

Field	Required	Description
`name`	Yes	Application name (dashboard)
`ownerid`	Yes	10-character account Owner ID
`type`	Yes	Endpoint: `init`, `register`, `login`, `license`, …

Response signature

JSON body is returned with header signature: HMAC-SHA256(response_body, app_secret). If you passed enckey on init, later responses may use enckey + "-" + secret as the HMAC key (Ghotz-compatible).

Function management (enable in dashboard)

Feature	Bitmask	`type`
Login	1	`login`
Register	2	`register`
License (key-only)	4	`license`

Enable under App Settings → Function Management. If disabled, API returns an error telling you to enable it.

1. init

Start a session before register/login/license.

Field	Notes
`type`	`init`
`ver`	Your program version (optional version check)
`enckey`	Optional, max 35 chars — enables encrypted responses

Success returns sessionid — save it for the next calls.

{
  "success": true,
  "message": "Initialized",
  "sessionid": "xxxxxxxx",
  "appinfo": { "version": "1.0", "customerPanelLink": "https://keyghotz.space/panel/..." }
}

2. register (username + password + license key)

Field	Notes
`sessionid`	From `init`
`username`	New username (max 70 chars)
`pass`	Password
`key`	Unused license key from dashboard / store
`hwid`	Hardware ID (required if HWID lock enabled, min 20 chars when set)
`email`	Optional

3. login (username + password)

Field	Notes
`sessionid`	From `init`
`username`	Registered username
`pass`	Password
`hwid`	Machine identifier (lock / reset in dashboard)

Success returns info with subscription details.

4. license (key only, no username)

User redeems a license key as both username and password internally — good for simple loaders.

Field	Notes
`sessionid`	From `init`
`key`	License key
`hwid`	Hardware ID

Store webhook (website payments)

Separate endpoint — not part of 1.2 client API:

POST https://keyghotz.space/api/store/?app=APP_SECRET

See Website tutorial or STORE_WEBHOOK.md in the project root.

Seller API (generate keys from server)

GET https://keyghotz.space/api/seller/?sellerkey=SELLER_KEY&type=add&expiry=30&level=1&amount=1

Use only on your server — never expose sellerkey in the browser.