Documentation

Authentication

This API uses OAuth2 (implicit flow) or API keys for protected endpoints. Public endpoints do not require authentication.

Authorize URL (example)

Code
 
https://api.ggbot.de/oauth/authorize?response_type=token&client_id=<CLIENT_ID>&redirect_uri=<REDIRECT_URI>&scope=read:bots%20write:bots%20execute:bots

Steps

Direct the user-agent (browser) to the authorize URL with your client_id and redirect_uri as well as the scopes needed.
The authorization server redirects back with an auth code in the query parameters (?code=...).
Extract the auth token from the query and request the authentification token:

You can do that with POST:

Code
 
https://api.ggbot.de/oauth/token

{
  "grant_type": "authorization_code",
  "code": "The code from before",
  "redirect_uri": "REDIRECT_URI",
  "client_id": "CLIENT_ID"
}

// That will return
{
  "access_token": "ACCESS_TOKEN",
  "token_type": "bearer",
  "expires_in": 86400
  "scope": "read:bots write:bots execute:bots"
}

Then you can use the access token in the Authorization header:

Code
 
Authorization: Bearer <ACCESS_TOKEN>

Api keys

API keys are short-lived or permanent tokens tied to your own account only. They cannot be used to access other users' accounts. Keep them secret and revoke them from your Developer page if they are compromised.

Scopes

read — read access to bot information
write — change bot settings, start/stop, manage modules
execute — execute commands and control runtime actions

Notes

Tokens obtained via implicit flow are typically short-lived; refresh by re-authorizing.
Always use HTTPS when sending tokens.

Additional management

If you're logged into the panel you can manage API keys and OAuth access tokens directly using the Developer page:

Open the Developer console at /developer - the page requires a valid session cookie.
If you're not logged in, you'll be asked to sign in to https://panel.ggbot.de/ first.

This tool lets you create API keys, revoke keys, list OAuth tokens and revoke them per-token or per-client.

Last modified on May 28, 2026

Welcome to GGBot's API Examples

Steps

Direct the user-agent (browser) to the authorize URL with your client_id and redirect_uri as well as the scopes needed.

The authorization server redirects back with an auth code in the query parameters (?code=...).

Extract the auth token from the query and request the authentification token:

You can do that with POST:

Code

https://api.ggbot.de/oauth/token

{
  "grant_type": "authorization_code",
  "code": "The code from before",
  "redirect_uri": "REDIRECT_URI",
  "client_id": "CLIENT_ID"
}

// That will return
{
  "access_token": "ACCESS_TOKEN",
  "token_type": "bearer",
  "expires_in": 86400
  "scope": "read:bots write:bots execute:bots"
}

Then you can use the access token in the Authorization header:

Code

Authorization: Bearer <ACCESS_TOKEN>

Additional management

If you're logged into the panel you can manage API keys and OAuth access tokens directly using the Developer page:

Open the Developer console at /developer - the page requires a valid session cookie.

If you're not logged in, you'll be asked to sign in to https://panel.ggbot.de/ first.

This tool lets you create API keys, revoke keys, list OAuth tokens and revoke them per-token or per-client.

Last modified on May 28, 2026