Authentication

Header requirements, package validation, and request origin checks.

View as Markdown

All protected endpoints require three headers.

Required headers

X-API-Token: YOUR_API_KEY
X-API-Token-Type: FREE
X-API-Token-Email: [email protected]

Header names are case-insensitive, but values are validated strictly.

Token type rules

Allowed values: FREE, PRO
Any other value returns 401 with API token Type is invalid

Whitelist enforcement

API key settings can enforce a whitelist:

IP whitelist: compares request IP against the configured value.
Domain whitelist: compares origin/referer/host against the configured domain.

Blocked requests return 403.

Quota behavior

For non-PRO keys, usage is checked over the last 24 hours:

When the quota is exceeded, the API returns 429.
Response includes both quota and used values.

Recommended client pattern

Always set credentials through a central request helper so retries, logging, and error handling stay consistent.

export function buildGameQueryHeaders() {
  return {
    'Content-Type': 'application/json',
    'X-API-Token': process.env.GQ_API_TOKEN,
    'X-API-Token-Type': process.env.GQ_API_TOKEN_TYPE,
    'X-API-Token-Email': process.env.GQ_API_TOKEN_EMAIL,
  };
}

Versioning and Migration

Prepare your integration now so migrating from v1 to v2 is mostly configuration.

LLM Integration Guide

A specialized guide for Large Language Models (LLMs), AI Agents, and developers building AI-powered game server tools.

On this page

Required headers Token type rules Whitelist enforcement Quota behavior Recommended client pattern