Skip to main content
Version: v1.0+

Account Management

Manage your account details, API keys, authentication settings, and password.

Get Account Details

Retrieve information about the authenticated account.

GET /api/client/account

Example Request

GET /api/client/account
curl "https://your-panel.com/api/client/account" \
-H "Authorization: Bearer ptlc_YOUR_API_KEY" \
-H "Accept: Application/vnd.pterodactyl.v1+json" \
-H "Content-Type: application/json"

Example Response

{
  "object": "user",
  "attributes": {
    "id": 1,
    "admin": true,
    "username": "admin",
    "email": "[email protected]",
    "first_name": "Admin",
    "last_name": "User",
    "language": "en"
  }
}

Two-Factor Authentication

Get 2FA QR Code

Generate a TOTP QR code image for setting up two-factor authentication.

GET /api/client/account/two-factor

Example Request

curl "https://your-panel.com/api/client/account/two-factor" \
  -H "Authorization: Bearer ptlc_YOUR_API_KEY" \
  -H "Accept: Application/vnd.pterodactyl.v1+json" \
  -H "Content-Type: application/json"

Example Response

{
  "data": {
    "image_url_data": "otpauth://totp/Pterodactyl:admin%40example.com?secret=XHL4JKY746CH46YJCHA25JWAUDBAM24I&issuer=Pterodactyl",
    "secret": "XHL4JKY746CH46YJCHA25JWAUDBAM24I"
  }
}

Enable 2FA

Enable TOTP two-factor authentication using the code from your authenticator app.

POST /api/client/account/two-factor

Request Body

FieldTypeRequiredDescription
codestringYes6-digit TOTP code from authenticator app

Example Request

curl -X POST "https://your-panel.com/api/client/account/two-factor" \
  -H "Authorization: Bearer ptlc_YOUR_API_KEY" \
  -H "Accept: Application/vnd.pterodactyl.v1+json" \
  -H "Content-Type: application/json" \
  -d '{
    "code": "123456"
  }'
const axios = require('axios');

const twoFactorData = {
  code: '123456'
};

const response = await axios.post('https://your-panel.com/api/client/account/two-factor', twoFactorData, {
  headers: {
    'Authorization': 'Bearer ptlc_YOUR_API_KEY',
    'Accept': 'Application/vnd.pterodactyl.v1+json',
    'Content-Type': 'application/json'
  }
});

console.log('2FA enabled successfully:', response.data);
import requests

headers = {
    'Authorization': 'Bearer ptlc_YOUR_API_KEY',
    'Accept': 'Application/vnd.pterodactyl.v1+json',
    'Content-Type': 'application/json'
}

two_factor_data = {
    'code': '123456'
}

response = requests.post('https://your-panel.com/api/client/account/two-factor', 
                        headers=headers, json=two_factor_data)
print('2FA enabled successfully:', response.json())
<?php
$client = new GuzzleHttp\Client();

$twoFactorData = [
    'code' => '123456'
];

$response = $client->post('https://your-panel.com/api/client/account/two-factor', [
    'headers' => [
        'Authorization' => 'Bearer ptlc_YOUR_API_KEY',
        'Accept' => 'Application/vnd.pterodactyl.v1+json',
        'Content-Type' => 'application/json'
    ],
    'json' => $twoFactorData
]);

$data = json_decode($response->getBody(), true);
print_r($data);
?>
package main

import (
    "bytes"
    "encoding/json"
    "fmt"
    "net/http"
)

func main() {
    twoFactorData := map[string]interface{}{
        "code": "123456",
    }
    
    jsonData, _ := json.Marshal(twoFactorData)
    
    client := &http.Client{}
    req, _ := http.NewRequest("POST", "https://your-panel.com/api/client/account/two-factor", bytes.NewBuffer(jsonData))
    req.Header.Add("Authorization", "Bearer ptlc_YOUR_API_KEY")
    req.Header.Add("Accept", "Application/vnd.pterodactyl.v1+json")
    req.Header.Add("Content-Type", "application/json")
    
    resp, _ := client.Do(req)
    defer resp.Body.Close()
    
    var result map[string]interface{}
    json.NewDecoder(resp.Body).Decode(&result)
    fmt.Println("2FA enabled successfully:", result)
}
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.net.URI;

String jsonData = """
{
  "code": "123456"
}
""";

HttpClient client = HttpClient.newHttpClient();
HttpRequest request = HttpRequest.newBuilder()
    .uri(URI.create("https://your-panel.com/api/client/account/two-factor"))
    .header("Authorization", "Bearer ptlc_YOUR_API_KEY")
    .header("Accept", "Application/vnd.pterodactyl.v1+json")
    .header("Content-Type", "application/json")
    .POST(HttpRequest.BodyPublishers.ofString(jsonData))
    .build();

HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
System.out.println("2FA enabled successfully: " + response.body());
using System.Net.Http;
using System.Text;
using System.Text.Json;
using System.Threading.Tasks;

var client = new HttpClient();
client.DefaultRequestHeaders.Add("Authorization", "Bearer ptlc_YOUR_API_KEY");
client.DefaultRequestHeaders.Add("Accept", "Application/vnd.pterodactyl.v1+json");

var twoFactorData = new {
    code = "123456"
};

var json = JsonSerializer.Serialize(twoFactorData);
var content = new StringContent(json, Encoding.UTF8, "application/json");

var response = await client.PostAsync("https://your-panel.com/api/client/account/two-factor", content);
var responseContent = await response.Content.ReadAsStringAsync();
Console.WriteLine("2FA enabled successfully: " + responseContent);
require 'net/http'
require 'json'

two_factor_data = {
  code: '123456'
}

uri = URI('https://your-panel.com/api/client/account/two-factor')
http = Net::HTTP.new(uri.host, uri.port)
http.use_ssl = true

request = Net::HTTP::Post.new(uri)
request['Authorization'] = 'Bearer ptlc_YOUR_API_KEY'
request['Accept'] = 'Application/vnd.pterodactyl.v1+json'
request['Content-Type'] = 'application/json'
request.body = two_factor_data.to_json

response = http.request(request)
puts "2FA enabled successfully: #{JSON.parse(response.body)}"

Example Response

{
  "object": "recovery_tokens",
  "attributes": {
    "tokens": [
      "MpBjHH8O08",
      "D9H0hktN6L", 
      "ho8KiUpeV8",
      "06vZEfrYPf",
      "nFRySZ2ryh",
      "7K1cTrhGoV",
      "n6xpwwlJfv",
      "hAmyCsZxYO",
      "5FiMKFyNpH",
      "IViSFoRFvW"
    ]
  }
}

Error Response (400)

{
  "errors": [
    {
      "code": "TwoFactorAuthenticationTokenInvalid",
      "status": "400",
      "detail": "The token provided is not valid."
    }
  ]
}

Disable 2FA

Disable two-factor authentication on the account.

POST /api/client/account/two-factor/disable

Request Body

FieldTypeRequiredDescription
passwordstringYesCurrent account password

Example Request

curl -X POST "https://your-panel.com/api/client/account/two-factor/disable" \
  -H "Authorization: Bearer ptlc_YOUR_API_KEY" \
  -H "Accept: Application/vnd.pterodactyl.v1+json" \
  -H "Content-Type: application/json" \
  -d '{
    "password": "your-current-password"
  }'

Success Response (204)

Returns empty response body with status code 204.

Error Response (400)

{
  "errors": [
    {
      "code": "BadRequestHttpException",
      "status": "400",
      "detail": "An error was encountered while processing this request."
    }
  ]
}

Email Management

Update Email Address

Update the email address associated with your account.

PUT /api/client/account/email

Request Body

FieldTypeRequiredDescription
emailstringYesNew email address
passwordstringYesCurrent account password

Example Request

curl -X PUT "https://your-panel.com/api/client/account/email" \
  -H "Authorization: Bearer ptlc_YOUR_API_KEY" \
  -H "Accept: Application/vnd.pterodactyl.v1+json" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "[email protected]",
    "password": "your-current-password"
  }'

Success Response (201)

Returns empty response body with status code 201.

Error Responses

Invalid Email Format (400)

{
  "errors": [
    {
      "code": "email",
      "detail": "The email must be a valid email address.",
      "source": {
        "field": "email"
      }
    }
  ]
}

Invalid Password (400)

{
  "errors": [
    {
      "code": "InvalidPasswordProvidedException",
      "status": "400",
      "detail": "The password provided was invalid for this account."
    }
  ]
}

Password Management

Update Password

Change your account password.

PUT /api/client/account/password

Request Body

FieldTypeRequiredDescription
current_passwordstringYesCurrent account password
passwordstringYesNew password
password_confirmationstringYesConfirm new password

Example Request

curl -X PUT "https://your-panel.com/api/client/account/password" \
  -H "Authorization: Bearer ptlc_YOUR_API_KEY" \
  -H "Accept: Application/vnd.pterodactyl.v1+json" \
  -H "Content-Type: application/json" \
  -d '{
    "current_password": "old-password",
    "password": "new-secure-password",
    "password_confirmation": "new-secure-password"
  }'

Success Response (204)

Returns empty response body with status code 204.

API Keys

List API Keys

Retrieve a list of all API keys associated with your account.

GET /api/client/account/api-keys

Example Request

curl "https://your-panel.com/api/client/account/api-keys" \
  -H "Authorization: Bearer ptlc_YOUR_API_KEY" \
  -H "Accept: Application/vnd.pterodactyl.v1+json" \
  -H "Content-Type: application/json"

Example Response

{
  "object": "list",
  "data": [
    {
      "object": "api_key",
      "attributes": {
        "identifier": "wwQ5DJ6X1XaFznQS",
        "description": "API Documentation",
        "allowed_ips": [],
        "last_used_at": "2020-06-03T15:04:47+01:00",
        "created_at": "2020-05-18T00:12:43+01:00"
      }
    }
  ]
}

Create API Key

Generate a new API key with optional IP restrictions.

POST /api/client/account/api-keys

Request Body

FieldTypeRequiredDescription
descriptionstringYesDescription/note for the API key
allowed_ipsarrayNoList of allowed IP addresses

Example Request

curl -X POST "https://your-panel.com/api/client/account/api-keys" \
  -H "Authorization: Bearer ptlc_YOUR_API_KEY" \
  -H "Accept: Application/vnd.pterodactyl.v1+json" \
  -H "Content-Type: application/json" \
  -d '{
    "description": "My Application API Key",
    "allowed_ips": ["127.0.0.1", "192.168.1.100"]
  }'

Example Response

{
  "object": "api_key",
  "attributes": {
    "identifier": "yjAZbHMyKrv9YRZ0",
    "description": "My Application API Key",
    "allowed_ips": [
      "127.0.0.1",
      "192.168.1.100"
    ],
    "last_used_at": null,
    "created_at": "2020-08-17T04:44:42+01:00"
  },
  "meta": {
    "secret_token": "ptlc_wiHiMbmgjLOkA2fPzRD6KdMe7Q9Cqaka"
  }
}
Important

The secret_token in the meta object is only returned once during creation. Store it securely as it cannot be retrieved again.

Delete API Key

Delete a specific API key by its identifier.

DELETE /api/client/account/api-keys/{identifier}

URL Parameters

ParameterTypeDescription
identifierstringThe API key identifier

Example Request

curl -X DELETE "https://your-panel.com/api/client/account/api-keys/yjAZbHMyKrv9YRZ0" \
  -H "Authorization: Bearer ptlc_YOUR_API_KEY" \
  -H "Accept: Application/vnd.pterodactyl.v1+json" \
  -H "Content-Type: application/json"

Success Response (204)

Returns empty response body with status code 204.

Error Response (404)

{
  "errors": [
    {
      "code": "NotFoundHttpException",
      "status": "404",
      "detail": "An error was encountered while processing this request."
    }
  ]
}

Activity Logs

List Account Activity

Retrieve a list of recent account activity and audit logs.

GET /api/client/account/activity

Example Request

GET /api/client/account/activity
curl "https://your-panel.com/api/client/account/activity" \
-H "Authorization: Bearer ptlc_YOUR_API_KEY" \
-H "Accept: Application/vnd.pterodactyl.v1+json" \
-H "Content-Type: application/json"

Example Response

{
  "object": "list",
  "data": [
    {
      "object": "activity_log",
      "attributes": {
        "id": "2c5608f7-9798-4db6-becd-f3c4b63e1a7f",
        "batch": null,
        "event": "user:account.email-changed",
        "is_api": false,
        "ip": "192.168.1.100",
        "description": "Updated account email from [email protected] to [email protected]",
        "properties": {
          "old_email": "[email protected]",
          "new_email": "[email protected]"
        },
        "has_additional_metadata": true,
        "timestamp": "2024-01-15T10:30:00.000000Z"
      }
    },
    {
      "object": "activity_log",
      "attributes": {
        "id": "1a2b3c4d-5e6f-7g8h-9i0j-k1l2m3n4o5p6",
        "batch": null,
        "event": "user:account.password-changed",
        "is_api": false,
        "ip": "192.168.1.100",
        "description": "Account password was changed",
        "properties": {},
        "has_additional_metadata": false,
        "timestamp": "2024-01-14T15:45:00.000000Z"
      }
    }
  ],
  "meta": {
    "pagination": {
      "total": 45,
      "count": 2,
      "per_page": 50,
      "current_page": 1,
      "total_pages": 1,
      "links": {}
    }
  }
}

SSH Keys

List SSH Keys

Retrieve a list of SSH public keys associated with your account.

GET /api/client/account/ssh-keys

Example Request

GET /api/client/account/ssh-keys
curl "https://your-panel.com/api/client/account/ssh-keys" \
-H "Authorization: Bearer ptlc_YOUR_API_KEY" \
-H "Accept: Application/vnd.pterodactyl.v1+json" \
-H "Content-Type: application/json"

Example Response

{
  "object": "list",
  "data": [
    {
      "object": "ssh_key",
      "attributes": {
        "name": "My Laptop",
        "fingerprint": "SHA256:abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx",
        "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC...",
        "created_at": "2024-01-10T12:00:00.000000Z"
      }
    },
    {
      "object": "ssh_key",
      "attributes": {
        "name": "Work Desktop",
        "fingerprint": "SHA256:zyxw9876vuts5432rqpo1098nmlk7654jihg3210fedc",
        "public_key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ...",
        "created_at": "2024-01-05T09:30:00.000000Z"
      }
    }
  ]
}

Add SSH Key

Add a new SSH public key to your account.

POST /api/client/account/ssh-keys

Request Body

FieldTypeRequiredDescription
namestringYesDescriptive name for the SSH key
public_keystringYesSSH public key content

Example Request

POST /api/client/account/ssh-keys
curl -X POST "https://your-panel.com/api/client/account/ssh-keys" \
-H "Authorization: Bearer ptlc_YOUR_API_KEY" \
-H "Accept: Application/vnd.pterodactyl.v1+json" \
-H "Content-Type: application/json" \
-d '{
  "name": "My New Key",
  "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC..."
}'

Example Response

{
  "object": "ssh_key",
  "attributes": {
    "name": "My New Key",
    "fingerprint": "SHA256:newkey1234fingerprint5678hash9012",
    "public_key": "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC...",
    "created_at": "2024-01-20T14:30:00.000000Z"
  }
}

Remove SSH Key

Remove an SSH public key from your account.

POST /api/client/account/ssh-keys/remove

Request Body

FieldTypeRequiredDescription
fingerprintstringYesSSH key fingerprint to remove

Example Request

POST /api/client/account/ssh-keys/remove
curl -X POST "https://your-panel.com/api/client/account/ssh-keys/remove" \
-H "Authorization: Bearer ptlc_YOUR_API_KEY" \
-H "Accept: Application/vnd.pterodactyl.v1+json" \
-H "Content-Type: application/json" \
-d '{
  "fingerprint": "SHA256:abcd1234efgh5678ijkl9012mnop3456qrst7890uvwx"
}'

Success Response (204)

Returns empty response body with status code 204.

Common Error Codes

StatusCodeDescription
400ValidationExceptionRequest validation failed
401InvalidCredentialsExceptionInvalid API key
403InsufficientPermissionsExceptionInsufficient permissions
422UnprocessableEntityHttpExceptionInvalid request data

Source References

Controller: AccountController
API Keys Controller: ClientApiKeyController
Routes: api-client.php - Account endpoints
Account Model: User.php
API Key Model: ApiKey.php

Next Steps