
Getting Started

The Web API is the most commonly used resource at Not only do members of the community use this for their third-party programs or Lua scripts, but solutions use this as well.

Calling a method from api.php requires 2 parameters.

  • key: Your raw license key.

  • cmd: The method.



API Behavior

Most methods will return JSON data with a code and message. The JSON codes follow the standard HTTP response status codes. Refer to the table below for an explanation of specific error messages:

| Message | Meaning |
| --- | --- |
| invalid api key | The key used for your key parameter is invalid. See Restrictions below about this. If you trigger this error repeatedly, you can get banned from the API, which means you will be banned from all solutions. |
| authorization denied by server | You're banned from the API. |
| this key does not have access to this method | The secret key for the method you are invoking is invalid. |
| ... not an active Session | See Restrictions. |
| ... enable 2-step on your forum account | See Restrictions. |
| ... hash not matching | See Restrictions. |
| parameter is invalid or missing | You didn't provide the required arguments for the method. Refer to the documentation of the method you're trying to use. |
| invalid API command | The command you requested in cmd is not valid. Incorrect letter case can cause this too. |
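A client-side way to act on the messages in the table above, as an added example that is not part of the original documentation. The host name, the `code` and `message` field names, treating code 200 as success, and the action labels are assumptions made for illustration.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

API_URL = "https://api.example.invalid/api.php"  # placeholder host (assumption)

# Documented message fragments -> client action. "stop" means never retry:
# repeating an invalid-key request is what the page says leads to a ban.
ACTIONS = [
    ("invalid api key", "stop"),
    ("authorization denied by server", "stop"),
    ("does not have access to this method", "stop"),
    ("not an active session", "reauthorize"),
    ("enable 2-step", "reauthorize"),
    ("hash not matching", "reauthorize"),
    ("parameter is invalid or missing", "fix_request"),
    ("invalid api command", "fix_request"),
]

def build_url(key, cmd, beautify=False, **params):
    """Build an api.php URL from the required key and cmd plus method arguments."""
    url = f"{API_URL}?{urlencode({'key': key, 'cmd': cmd, **params})}"
    return url + "&beautify" if beautify else url

def redact_key(url):
    """Mask the key value so the URL can go into client-side logs or bug reports."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k == "key" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

def classify(body):
    """Map a response body to 'ok', 'stop', 'reauthorize', 'fix_request' or 'unknown'."""
    try:
        data = json.loads(body)
    except ValueError:
        return "unknown"
    if not isinstance(data, dict):
        return "unknown"
    message = str(data.get("message", "")).lower()  # field name is an assumption
    for fragment, action in ACTIONS:
        if fragment in message:
            return action
    return "ok" if data.get("code") == 200 else "unknown"

if __name__ == "__main__":
    url = build_url("CONSTRUCTED-KEY", "exampleMethod", beautify=True)  # made-up values
    print(redact_key(url))
    print(classify('{"code": 401, "message": "invalid api key"}'))  # constructed body
```

Treat a `stop` result as terminal for the current key: surface the error to the user instead of looping, since repeated invalid-key requests are what the table warns can lead to a ban.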

The JSON data that is returned can appear squished or hard to read. If you pass &beautify as a parameter, it will beautify the JSON data automatically. Try adding it to the example shown earlier on this page:


If you open that in your browser, you will see how much easier the output is to read due to beautify being added.


Restrictions

The API will not work if any one of the following conditions is present:

  • You are not a member.
  • You do not have two-step authorization enabled.
  • You are banned from
  • You do not have a valid hash.
  • You have not shown forum activity in 72 hours.

All API attempts are logged for administrators to review. However, your key parameter is hidden in the logs to protect against leaked keys.

To protect outsiders or members who have their license key stolen or leaked, the Web API automatically sets a salted hash on the member's account per successful Session authorization. If the hashes do not match, API methods will not authorize. Read more about this here.

To further protect members from abuse, the API will not work if your Session is expired or your license key has not seen recent activity. You need to have an active Session to use the API. As an additional guard against stolen license keys, if the forum account associated with the key has not seen activity in 72 hours, API requests will be blocked.

The Web API is a privilege and can be specifically revoked for any member.