API Reference
Authentication
Login users and authorize apps. Two-layer auth: AppID:AppKey header on every request plus a user token from login.
POST
/api/vaneltonid/login.php
Authenticate a user with email and password. Returns a session token and app authorization status.
Requires
Authorization: AppID:AppKey header
Request body
| Field | Type | Required | Description |
|---|---|---|---|
| string | required | User's email address | |
| password | string | required | User's password |
| masterkey | string | optional | Device key for multi-session support (e.g. "mobile-ios") |
Test this endpoint
Headers
Body
Success response 200
{
"vaneltonid": {
"logged": 1,
"id": 42,
"userkey": "abc123...",
"email": "user@email.com",
"username": "vanelton",
"name": "Vanelton",
"profileimg": "https://...",
"idverify": 1,
"vaneltonpass": false,
"roles": "[developer]",
"token": "SESSION_TOKEN_HERE",
"itemKeys": ["key1", "key2"]
},
"app": {
"authorized": 1,
"packageid": "com.myapp.game",
"appname": "My App",
"appversion": "1.0.0"
}
}Errors
| Code | Message |
|---|---|
| 401 | Authorization header with appid:appkey is required. |
| 401 | Invalid app credentials. |
| 401 | Invalid email or password. |
POST
/api/vaneltonid/auth.php
Links your app to a user account. Call this when app.authorized === 0 in the login response.
Requires
Authorization: AppID:AppKey header + user token
Request body
| Field | Type | Required | Description |
|---|---|---|---|
| token | string | required | User session token from login |
Test this endpoint
Headers
Body
Success response 200
{ "success": true, "message": "App authorized successfully." }Errors
| Code | Message |
|---|---|
| 401 | Invalid or expired token. |
| 403 | Origin not allowed. |