API Documentation
The Server Manager exposes a REST API and SignalR Hub for communication with the Remote Client. All endpoints (except authentication) require JWT authentication with appropriate permissions.
API Endpoints
1. Authentication
| Endpoint | Method | Action | Request Variables | Permissions |
|---|
| /api/auth/login | POST | Login with credentials | LoginRequest (DTO) | None (public) |
| /api/auth/logout | POST | Logout and revoke token | (none) | Valid JWT |
2. Admin
| Endpoint | Method | Action | Request Variables | Permissions |
|---|
| /api/admin/user/create | POST | Create new user | CreateUserRequestDTO (DTO) | admins_accounts + admins_editusers |
| /api/admin/user/update | POST | Update existing user | UpdateUserRequestDTO (DTO) | admins_accounts + admins_editusers |
| /api/admin/user/delete | POST | Delete user | DeleteUserRequestDTO (DTO) | admins_accounts + admins_editusers |
3. Audit
| Endpoint | Method | Action | Request Variables | Permissions |
|---|
| /api/audit/logs | POST | Get audit logs with filtering | AuditLogRequest (DTO) | admins_auditlogs |
| /api/audit/categories | GET | Get audit categories | (none) | admins_auditlogs |
| /api/audit/actiontypes | GET | Get audit action types | (none) | admins_auditlogs |
| /api/audit/stats | GET | Get audit statistics | hours (int, query) | admins_auditlogs |
4. Ban
| Endpoint | Method | Action | Request Variables | Permissions |
|---|
| /api/ban/save-blacklist | POST | Save blacklist record | BanDTOs (DTO) | bans |
| /api/ban/delete-blacklist | POST | Delete blacklist record | DeleteBanRecordRequest (DTO) | bans |
| /api/ban/save-whitelist | POST | Save whitelist record | BanDTOs (DTO) | bans |
| /api/ban/delete-whitelist | POST | Delete whitelist record | DeleteBanRecordRequest (DTO) | bans |
4.1 NetLimiter
| Endpoint | Method | Action | Request Variables | Permissions |
|---|
| /api/ban/netlimiter/save | POST | Save NetLimiter settings | NetLimiterSettingsRequest (DTO) | bans |
| /api/ban/netlimiter/filters | GET | Get NetLimiter filters | (none) | bans |
4.2 ProxyCheck
| Endpoint | Method | Action | Request Variables | Permissions |
|---|
| /api/ban/proxycheck/validate | POST | Validate proxy check | ProxyCheckTestRequest (DTO) | bans |
| /api/ban/proxycheck/save | POST | Save proxy check settings | ProxyCheck (DTO) | bans |
| /api/ban/proxycheck/country/add | POST | Add blocked country | AddBlockedCountryRequest (DTO) | bans |
| /api/ban/proxycheck/country/remove | POST | Remove blocked country | RemoveBlockedCountryRequest (DTO) | bans |
5. Chat
| Endpoint | Method | Action | Request Variables | Permissions |
|---|
| /api/chat/send | POST | Send chat message | SendChatCommand (DTO) | chat |
| /api/chat/auto/add | POST | Add auto message | AutoMessageRequest (DTO) | chat |
| /api/chat/auto/remove | POST | Remove auto message | RemoveMessageRequest (DTO) | chat |
| /api/chat/slap/add | POST | Add slap message | SlapMessageRequest (DTO) | chat |
| /api/chat/slap/remove | POST | Remove slap message | RemoveMessageRequest (DTO) | chat |
| /api/chat/history/players | GET | Get distinct player names | limit (int, query) | chat |
| /api/chat/history/search | POST | Search chat history | ChatHistoryRequest (DTO) | chat |
6. FileSystem
| Endpoint | Method | Action | Request Variables | Permissions |
|---|
| /api/filesystem/drives | GET | Get available drives | (none) | profile |
| /api/filesystem/list | POST | List directory contents | DirectoryListingRequest (DTO) | profile |
| /api/filesystem/validate-path | POST | Validate path exists | DirectoryListingRequest (DTO) | profile |
| /api/filesystem/files | GET | Get profile files | (none) | profile |
7. GamePlay
| Endpoint | Method | Action | Request Variables | Permissions |
|---|
| /api/gameplay/settings | GET | Get gameplay settings | (none) | gameplay |
| /api/gameplay/settings | POST | Save gameplay settings | GamePlaySettingsRequest (DTO) | gameplay |
| /api/gameplay/validate | POST | Validate gameplay settings | GamePlaySettingsRequest (DTO) | gameplay |
8. Maps
| Endpoint | Method | Action | Request Variables | Permissions |
|---|
| /api/maps/list/available | GET | Get available maps | (none) | maps |
| /api/maps/list/playlists | GET | Get all playlists | (none) | maps |
| /api/maps/list/playlist/{id} | GET | Get playlist by ID | id (int, route) | maps |
| /api/maps/playlist/save | POST | Save playlist | PlaylistDTO (DTO) | maps |
| /api/maps/playlist/set-active | POST | Set active playlist | PlaylistDTO (DTO) | maps |
| /api/maps/playlist/import | POST | Import playlist | PlaylistDTO (DTO) | maps |
| /api/maps/playlist/export/{id} | GET | Export playlist | id (int, route) | maps |
| /api/maps/server/skip-map | POST | Skip current map | (none) | maps |
| /api/maps/server/score-map | POST | Score current map | (none) | maps |
| /api/maps/server/play-next | POST | Play next map | mapIndex (int) | maps |
9. Player
| Endpoint | Method | Action | Request Variables | Permissions |
|---|
| /api/player/arm | POST | Arm player | ArmPlayerCommand (DTO) | players |
| /api/player/disarm | POST | Disarm player | DisarmPlayerCommand (DTO) | players |
| /api/player/togglegodmode | POST | Toggle god mode | GodModePlayerCommand (DTO) | players |
| /api/player/switchteam | POST | Switch player team | SwitchTeamPlayerCommand (DTO) | players |
| /api/player/kick | POST | Kick player | KickPlayerCommand (DTO) | players |
| /api/player/ban | POST | Ban player | BanPlayerCommand (DTO) | players |
| /api/player/warn | POST | Warn player | WarnPlayerCommand (DTO) | players |
| /api/player/kill | POST | Kill player | KillPlayerCommand (DTO) | players |
10. Profile
| Endpoint | Method | Action | Request Variables | Permissions |
|---|
| /api/profile/settings | GET | Get profile settings | (none) | profile |
| /api/profile/settings | POST | Save profile settings | ProfileSettingsRequest (DTO) | profile |
| /api/profile/validate | POST | Validate profile settings | ProfileSettingsRequest (DTO) | profile |
11. Snapshot
| Endpoint | Method | Action | Request Variables | Permissions |
|---|
| /api/snapshot | GET | Get server snapshot | (none) | Valid JWT |
12. Stats
| Endpoint | Method | Action | Request Variables | Permissions |
|---|
| /api/stats/babstats/servers/save | POST | Save BABStats server | BabstatsServerRequest (DTO) | stats |
| /api/stats/babstats/servers/add | POST | Add BABStats server | BabstatsServerRequest (DTO) | stats |
| /api/stats/babstats/servers/remove | POST | Remove BABStats server | serverID (int) | stats |
| /api/stats/babstats/servers/clearAnnoucements | POST | Clear announcements | bool | stats |
| /api/stats/babstats/validate | POST | Validate web stats | WebStatsValidateRequest (DTO) | stats |
| /api/stats/lobby/servers/save | POST | Save lobby server | LobbyServerRequest (DTO) | stats |
| /api/stats/lobby/servers/add | POST | Add lobby server | LobbyServerRequest (DTO) | stats |
| /api/stats/lobby/servers/remove | POST | Remove lobby server | serverID (int) | stats |
SignalR Hub
ServerHub
| Method | Action | Request Variables | Permissions |
|---|
| SubscribeToUpdates | Subscribe to real-time server state updates | (none) | Valid JWT |
| UnsubscribeFromUpdates | Unsubscribe from updates | (none) | Valid JWT |
| Heartbeat | Send heartbeat to maintain session | (none) | Valid JWT |
| RemoteSpectateCommand | Server sends command to client | RemoteSpectateCommand (DTO) | Server → Client |
Required Variables (DTOs)
Auth
record LoginRequest(string Username, string Password, string? ClientVersion = null);
Admin
class CreateUserRequestDTO { string Username, string Password, List<string> Permissions, bool IsActive, string Notes }
class UpdateUserRequestDTO { int UserID, string Username, string? NewPassword, List<string> Permissions, bool IsActive, string Notes }
class DeleteUserRequestDTO { int UserID }
Ban
class BanDTOs { int? NameRecordID, int? IPRecordID, string? PlayerName, string? IPAddress, bool IsName, bool IsIP, int? SubnetMask, DateTime BanDate, DateTime? ExpireDate, string RecordType, string Notes, bool IgnoreValidation }
class DeleteBanRecordRequest { int RecordID, bool IsName }
Player Commands
class ArmPlayerCommand { int PlayerSlot, string PlayerName }
class DisarmPlayerCommand { int PlayerSlot, string PlayerName }
class GodModePlayerCommand { int PlayerSlot, string PlayerName }
class SwitchTeamPlayerCommand { int PlayerSlot, string PlayerName, int currentTeam, int TeamNum }
class KickPlayerCommand { int PlayerSlot, string PlayerName }
class BanPlayerCommand { int PlayerSlot, string PlayerName, string PlayerIP, bool BanIP }
class WarnPlayerCommand { int PlayerSlot, string PlayerName, string Message }
class KillPlayerCommand { int PlayerSlot, string PlayerName }
Permissions
admins_accounts - Access admin accounts paneladmins_editusers - Create/edit/delete usersadmins_auditlogs - View audit logsbans - Manage ban whitelist/blacklistchat - Send chat messages, manage auto messagesprofile - Manage profile settings, file browsergameplay - Manage gameplay settingsmaps - Manage map playlistsplayers - Manage players (arm, disarm, kick, ban, etc.)stats - Manage stats/lobby settings
Token Information
| Property | Value |
|---|
| Token Type | JWT (JSON Web Token) |
| Issuer | BHD.ServerManager |
| Audience | BHD.RemoteClient |
| Expiration | 8 hours |
| Token Revocation | Supported via denylist (JTI) |