Skip to main content
Version: v1.0+

Location Management

The Application API Location Management endpoints allow administrators to manage geographic locations in the panel. Locations are used to organize nodes by geographic regions or data centers for better server management and user experience.

Administrative Access Required

These endpoints require administrative privileges and should only be used by trusted applications with proper authentication.

Authentication

All Application API requests require authentication using an API key with appropriate permissions:

Authorization: Bearer YOUR_APPLICATION_API_KEY
Accept: Application/vnd.pterodactyl.v1+json
Content-Type: application/json

List All Locations

Retrieve a paginated list of all locations in the panel.

GET /api/application/locations

Query Parameters

ParameterTypeDescriptionDefault
pageintegerPage number for pagination1
per_pageintegerResults per page (1-100)50
filter[short]stringFilter by location short code-
filter[long]stringFilter by location long name-
sortstringSort field (id, short, long, created_at, updated_at)id
includestringInclude relationships (nodes, servers)-

Example Request

curl "https://your-panel.com/api/application/locations?include=nodes&per_page=25" \
-H "Authorization: Bearer ptla_YOUR_API_KEY" \
-H "Accept: Application/vnd.pterodactyl.v1+json"

Example Response

{
"object": "list",
"data": [
{
"object": "location",
"attributes": {
"id": 1,
"short": "us-east",
"long": "US East Coast",
"created_at": "2024-01-15T10:26:32+00:00",
"updated_at": "2024-01-15T10:26:32+00:00"
},
"relationships": {
"nodes": {
"object": "list",
"data": [
{
"object": "node",
"attributes": {
"id": 1,
"public": true,
"name": "Node 1",
"fqdn": "node1.example.com"
}
}
]
}
}
},
{
"object": "location",
"attributes": {
"id": 2,
"short": "eu-west",
"long": "Europe West",
"created_at": "2024-01-16T09:15:00+00:00",
"updated_at": "2024-01-16T09:15:00+00:00"
},
"relationships": {
"nodes": {
"object": "list",
"data": []
}
}
}
],
"meta": {
"pagination": {
"total": 2,
"count": 2,
"per_page": 50,
"current_page": 1,
"total_pages": 1,
"links": {}
}
}
}

Get Location Details

Retrieve detailed information about a specific location.

GET /api/application/locations/{location}

Path Parameters

ParameterTypeDescription
locationintegerLocation ID

Query Parameters

ParameterTypeDescription
includestringInclude relationships (nodes, servers)

Example Request

curl "https://your-panel.com/api/application/locations/1?include=nodes,servers" \
-H "Authorization: Bearer ptla_YOUR_API_KEY" \
-H "Accept: Application/vnd.pterodactyl.v1+json"

Example Response

{
"object": "location",
"attributes": {
"id": 1,
"short": "us-east",
"long": "US East Coast",
"created_at": "2024-01-15T10:26:32+00:00",
"updated_at": "2024-01-15T10:26:32+00:00"
},
"relationships": {
"nodes": {
"object": "list",
"data": [
{
"object": "node",
"attributes": {
"id": 1,
"public": true,
"name": "Node 1",
"fqdn": "node1.example.com",
"memory": 8192,
"disk": 102400
}
}
]
},
"servers": {
"object": "list",
"data": [
{
"object": "server",
"attributes": {
"id": 1,
"uuid": "d3aac109-e5e0-4331-b03e-3454f7e02bbe",
"name": "Minecraft Server",
"node": 1
}
}
]
}
}
}

Create New Location

Create a new location in the panel.

POST /api/application/locations

Request Body

FieldTypeRequiredDescription
shortstringYesShort location code (3-60 characters)
longstringNoLong location name (3-191 characters)

Example Request

curl -X POST "https://your-panel.com/api/application/locations" \
-H "Authorization: Bearer ptla_YOUR_API_KEY" \
-H "Accept: Application/vnd.pterodactyl.v1+json" \
-H "Content-Type: application/json" \
-d '{
"short": "ap-south",
"long": "Asia Pacific South"
}'

Example Response

{
"object": "location",
"attributes": {
"id": 3,
"short": "ap-south",
"long": "Asia Pacific South",
"created_at": "2024-01-20T14:30:45+00:00",
"updated_at": "2024-01-20T14:30:45+00:00"
}
}

Update Location

Update an existing location's information.

PATCH /api/application/locations/{location}

Path Parameters

ParameterTypeDescription
locationintegerLocation ID

Request Body

FieldTypeRequiredDescription
shortstringNoShort location code
longstringNoLong location name

Example Request

curl -X PATCH "https://your-panel.com/api/application/locations/3" \
-H "Authorization: Bearer ptla_YOUR_API_KEY" \
-H "Accept: Application/vnd.pterodactyl.v1+json" \
-H "Content-Type: application/json" \
-d '{
"short": "apac-south",
"long": "Asia Pacific South Region"
}'

Example Response

{
"object": "location",
"attributes": {
"id": 3,
"short": "apac-south",
"long": "Asia Pacific South Region",
"created_at": "2024-01-20T14:30:45+00:00",
"updated_at": "2024-01-20T15:45:30+00:00"
}
}

Delete Location

Delete a location from the panel. This action is irreversible.

DELETE /api/application/locations/{location}
Dependencies Required

A location can only be deleted if it has no associated nodes. Move or delete all nodes in the location before attempting to delete it.

Path Parameters

ParameterTypeDescription
locationintegerLocation ID

Example Request

curl -X DELETE "https://your-panel.com/api/application/locations/3" \
-H "Authorization: Bearer ptla_YOUR_API_KEY" \
-H "Accept: Application/vnd.pterodactyl.v1+json"

Response

Returns HTTP 204 No Content on successful deletion.

Error Responses

Common Error Codes

Status CodeDescription
400Bad Request - Invalid input data
401Unauthorized - Invalid API key
403Forbidden - Insufficient permissions
404Not Found - Location does not exist
422Validation Error - Invalid field values
429Too Many Requests - Rate limit exceeded

Example Error Response

{
"errors": [
{
"code": "ValidationException",
"status": "422",
"detail": "The short field is required.",
"source": {
"field": "short"
}
}
]
}

Best Practices

Naming Conventions

  1. Short Codes: Use consistent, descriptive short codes

    • Geographic: us-east, eu-west, ap-south
    • Data Center: dc1, dc2, aws-us-east-1
    • Provider: vultr-ny, do-fra, hetzner-de
  2. Long Names: Use full descriptive names

    • United States East Coast
    • Europe West (Frankfurt)
    • Asia Pacific South (Singapore)

Organization Strategies

  1. Geographic Organization

    us-east    → United States East Coast
    us-west → United States West Coast
    eu-central → Europe Central
    ap-south → Asia Pacific South
  2. Provider-Based Organization

    vultr-ny   → Vultr New York
    do-fra → DigitalOcean Frankfurt
    aws-ohio → Amazon Web Services Ohio
  3. Data Center Organization

    dc1-primary   → Primary Data Center
    dc2-backup → Backup Data Center
    dc3-disaster → Disaster Recovery

Security Considerations

  1. API Key Protection: Store API keys securely and never expose them in client-side code
  2. HTTPS Only: Always use HTTPS for API requests
  3. Input Validation: Validate all input data before sending API requests
  4. Rate Limiting: Implement proper rate limiting to avoid hitting API limits
  5. Error Handling: Implement comprehensive error handling for all API calls

Integration Examples

// Location management service example
class LocationService {
constructor(apiKey, baseUrl) {
this.apiKey = apiKey;
this.baseUrl = baseUrl;
this.headers = {
'Authorization': `Bearer ${apiKey}`,
'Accept': 'Application/vnd.pterodactyl.v1+json',
'Content-Type': 'application/json'
};
}

async getAllLocations(options = {}) {
const params = new URLSearchParams(options);
const response = await fetch(`${this.baseUrl}/api/application/locations?${params}`, {
headers: this.headers
});
return response.json();
}

async createLocation(locationData) {
const response = await fetch(`${this.baseUrl}/api/application/locations`, {
method: 'POST',
headers: this.headers,
body: JSON.stringify(locationData)
});
return response.json();
}

async updateLocation(locationId, updateData) {
const response = await fetch(`${this.baseUrl}/api/application/locations/${locationId}`, {
method: 'PATCH',
headers: this.headers,
body: JSON.stringify(updateData)
});
return response.json();
}

async deleteLocation(locationId) {
const response = await fetch(`${this.baseUrl}/api/application/locations/${locationId}`, {
method: 'DELETE',
headers: this.headers
});
return response.status === 204;
}

async getLocationWithNodes(locationId) {
const response = await fetch(`${this.baseUrl}/api/application/locations/${locationId}?include=nodes`, {
headers: this.headers
});
return response.json();
}
}

Rate Limiting

The Application API implements rate limiting to prevent abuse:

  • Default Limit: 240 requests per minute per API key
  • Burst Limit: Up to 10 requests per second
  • Headers: Response includes rate limit headers
X-RateLimit-Limit: 240
X-RateLimit-Remaining: 235
X-RateLimit-Reset: 1642686400

Source Code References

Controllers and Routes

Method: LocationController@index (List Locations)
Route: GET /api/application/locations
Source: LocationController.php

Method: LocationController@view (Get Location)
Route: GET /api/application/locations/{location}
Source: LocationController.php

Method: LocationController@store (Create Location)
Route: POST /api/application/locations
Source: LocationController.php

Method: LocationController@update (Update Location)
Route: PATCH /api/application/locations/{location}
Source: LocationController.php

Method: LocationController@delete (Delete Location)
Route: DELETE /api/application/locations/{location}
Source: LocationController.php

Services

Location Creation Service: LocationCreationService.php
Location Update Service: LocationUpdateService.php
Location Deletion Service: LocationDeletionService.php

Models and Validation

Location Model: Location.php
Location Store Request: StoreLocationRequest.php
Location Update Request: UpdateLocationRequest.php

Route Definitions

Application Routes: api-application.php - Lines 90-95

For detailed implementation and the latest updates, refer to the Pterodactyl Panel repository.