Useful for Applications like Executors, etc.
HTTP API
GET
https://api.nexveil.net/wlv1/application/auth?key=...&app_name=...
required
query params:
key: the key to check
app_name: the app/item name specified in the nexveil dashboard
| Header-Name | Header-Value | Description |
|---|
| Content-Type | application/json | |
| clienttime | 1768302563 | the unix timestamp . |
| externalsignature | 4a53df2f72a92cf55d9f24a36e9f637f7d9f69f33663a0a0b28750572f80a899 | the sha256 signature. see docs om how to generate |
| clientnonce | 9c587ed044f5ae3eedfbfc21a2a3bc0a0ed3da6879471d14f2e1fe57d2aceb0b | 64 character random string |
| clienthwid | b4cd26a3-19d9-40c3-8506-437d1ca841f1 | unique identifier hwid value |
how to generate the external signature?
sha256(
clientnonce + secret1 + key +
secret2 + clienttime + secret3 +
clienthwid
);
// the sha256 output is the signature
HTTP Response
{
success: true, // Boolean - verification succeeded
code: 'KEY_VALID', // String - response code
message: 'Success', // String - human-readable message
signature: 'abc123...', // String - sha256 server signature
isActivated: false, // Boolean - true if key was just activated
isValid: true, // Boolean - key is valid (activated or valid)
timestamp: '2024-...', // String - verification timestamp
data: { // Object - additional data
key: {
expiresAt: '2025-01-01T00:00:00Z',
activatedAt: '2024-06-15T10:30:00Z',
note: 'Premium tier'
},
app: {
version: '1.2.3'
}
}
}
validate server response?
const expectedServerSignature = sha256(clientNonce + this.secret3 + data.code);
if (expectedServerSignature == data.signature) {
console.log("server signature and code is valid!")
}
