Skip to main content
Version: v1.0+

Application API

The Application API provides administrative access to manage the entire Pterodactyl Panel. These endpoints require administrative privileges and are designed for panel automation, integration with external systems, and comprehensive server management.

Base URL

https://your-panel.com/api/application

Authentication

All Application API requests require an Application API key with administrative privileges:

curl "https://your-panel.com/api/application/users" \
-H "Authorization: Bearer ptla_YOUR_APPLICATION_API_KEY" \
-H "Accept: Application/vnd.pterodactyl.v1+json"
Administrative Access Required

These endpoints require administrative privileges and should only be used by trusted applications with proper authentication. Application API keys provide full panel access.

API Sections

User Management

Complete user lifecycle management for the panel.

Server Management

Administrative server operations and lifecycle management.

Node Management

Wings daemon node administration and configuration.

Location Management

Geographic organization and data center management.

Nests & Eggs Management

Server type and configuration management for game servers and applications.

Common Features

Filtering and Pagination

Most list endpoints support advanced filtering and pagination:

# Filter users by email domain
GET /api/application/users?filter[email]=@example.com

# Paginate results
GET /api/application/servers?page=2&per_page=25

# Sort by creation date
GET /api/application/nodes?sort=-created_at

Relationship Inclusion

Include related data in responses:

# Include servers with user data
GET /api/application/users/1?include=servers

# Include allocations and location with node
GET /api/application/nodes/1?include=allocations,location

Response Format

All responses follow consistent formatting:

{
"object": "list|resource_type",
"data": [ /* resource data */ ],
"meta": {
"pagination": {
"total": 50,
"count": 25,
"per_page": 25,
"current_page": 1,
"total_pages": 2,
"links": {}
}
}
}

Rate Limiting

The Application API implements rate limiting to prevent abuse:

  • Default Limit: 240 requests per minute per API key
  • Burst Limit: Up to 10 requests per second
  • Headers: Response includes rate limit headers
X-RateLimit-Limit: 240
X-RateLimit-Remaining: 235
X-RateLimit-Reset: 1642686400

Getting Started

  1. Generate an Application API Key

    • Log in as an administrator
    • Go to https://your-panel.com/admin/api
    • Click "Create API Key"
    • Optionally restrict by IP addresses
  2. Make Your First Request

    curl "https://your-panel.com/api/application/users" \
    -H "Authorization: Bearer ptla_YOUR_APPLICATION_API_KEY" \
    -H "Accept: Application/vnd.pterodactyl.v1+json"
  3. Explore Available Resources

    • Start with user management to test your API key
    • Use server management for automated deployments
    • Configure nodes and locations for infrastructure management

Source Code References

All Application API endpoints are implemented in the Pterodactyl Panel source code:

For detailed source code references, see our Source References Guide.

Security Considerations

  • Never expose Application API keys in client-side code
  • Use IP restrictions when possible for additional security
  • Regularly rotate API keys for production environments
  • Monitor API usage through the panel's audit logs
  • Implement proper error handling to avoid exposing sensitive information

Next Steps