Panel API: Get Started

General principles

The structure of Panel API (aka Administration API) – request paths, response and error formats – is the same as for user API, so we highly recommend reading API: get started

Two main differences are authorization system and request paths.

Request paths

Panel API resides in panel/ subsection of API url. So you can determine URL to API calls like this:

  1. for NAVIXY ServerMate it will be http(s)://
  2. for On-Premise instances it will be http(s)://api.your_domain/panel/

For example, to make account/auth(…) API call in Navixy ServerMate, you should use the following url: http(s)://


In order to authorize, you should make a GET or POST request to /account/auth/ with login (your administration panel login) and password (its password), which returns JSON object, containing hash (hexademical unique string) of the newly created Panel API session, which you should use in other Panel API calls.

Please note that you cannot use Panel API session hash in user API or vice versa.

You must keep in mind that string type containing any symbols except ASCII codes from 32 to 127 must be URL encoded before transfer.

For example, in on-premise installations, there is a default user with login “admin” and password “admin”. You can authorize with it like this (all HTTP request examples are made using curl *nix utility):

# GET:
$ curl ''
# or POST:
$ curl --data 'login=admin&password=admin' ''

And you’ll get answer like this:

    'hash': '1dc2b813769d846c2c15030884948117',
    'success': true,
    'permissions': {

The value returned in hash field (in this example it is “1dc2b813769d846c2c15030884948117”) should be saved for further use.

If API call completes successfully, the HTTP response code is 200 OK, and success field in returned JSON is equal to true

If there is any error, for example, wrong credentials were used, HTTP response code differs from 200, success field is false, and status field contains the description of the error.

For example:

    "success": false,
    "status": {
        "code": 12,
        "description": "Dealer not found"

The “description” field is just a human-readable hint, you should not check its contents programmatically as it may change in the future.

For more info, please see account/auth(…)

Using session hash

After successful authorization, you can make other Panel API calls. You should always pass the session hash you obtained earlier as the hash parameter. This parameter is not listed in parameters list of every API call, but still required by default.

For example, to list first ten users belonging to your system account, you can use the following Panel API call (the hash is from previous example):

# GET:
$ curl ''
# or POST:
$ curl --data 'hash=1dc2b813769d846c2c15030884948117&limit=10' ''

For more info, please see user/list(…)

Session expiration

Every session (and thus, a hash key associated with it) has a limited lifetime (30 days by default). So you should obtain new hash key periodically.

If you will try to make a Panel API call with expired session hash, you’ll get the following error:

    "success": false,
    "status": {
        "code": 4,
        "description": "User not found or session ended"

In this case, just obtain new hash using account/auth(…)

If you have more questions please contact our support team

Contact Us

USA: +1 858 815 9045

Mexico: +52 334 1642158

UK: +44 808 1641499

France: +33 644 605141

Germany: +49 157359 88250

Russia: +7 495 317 1622

Log in





Service shortage expected due to maintenance works in data center on October, 21 starting at 19:00 GMT for 8 hours. Read more