The GeckoGuard API is a RESTful API that uses JSON for request and response bodies.
All API requests should be made to:
https://api.geckoguard.com
Most endpoints require authentication. There are two auth methods:
- Session Token (JWT): Used by the dashboard for management operations. Passed via
Authorization: Bearer <token>.
- API Key: Used by your application for license validation and programmatic access. Passed via
Authorization: Bearer <api_key>.
See the Authentication guide for details.
Content-Type: application/json header for POST/PATCH requests- JSON body for POST/PATCH requests
- Query parameters for filtering and pagination
All responses follow this structure:
{
"ok": true,
"data": { /* response data */ }
}
Error responses:
{
"ok": false,
"error": {
"message": "Error description",
"code": "ERROR_CODE"
}
}
List endpoints support pagination via query parameters:
GET /v1/dashboard/orgs/:orgId/licenses?page=1&pageSize=50
- With API key: 120 requests/minute per IP
- Without API key: 60 requests/minute per IP
Rate limit headers:
X-Ratelimit-Limit: 120
X-Ratelimit-Remaining: 115
X-Ratelimit-Reset: 1640995200
| Method | Endpoint | Description |
|---|
POST | /v1/licenses/authorize | Validate a license key (requires license:authorize permission) |
| Method | Endpoint | Description |
|---|
GET | /v1/dashboard/orgs | List your organizations |
POST | /v1/dashboard/orgs | Create an organization |
GET | /v1/dashboard/orgs/:orgId | Get organization details |
PATCH | /v1/dashboard/orgs/:orgId | Update organization |
DELETE | /v1/dashboard/orgs/:orgId | Delete organization |
| Method | Endpoint | Description |
|---|
POST | /v1/dashboard/products | Create a product |
GET | /v1/dashboard/products/:id | Get product details |
PATCH | /v1/dashboard/products/:id | Update product (name, policy) |
DELETE | /v1/dashboard/products/:id | Delete product |
GET | /v1/dashboard/orgs/:orgId/products | List products in an org |
POST | /v1/dashboard/orgs/:orgId/products | Add product to org |
DELETE | /v1/dashboard/orgs/:orgId/products/:productId | Remove product from org |
| Method | Endpoint | Description |
|---|
GET | /v1/dashboard/orgs/:orgId/licenses | List licenses (filterable by product, status, search) |
POST | /v1/dashboard/orgs/:orgId/licenses | Create license(s) — supports bulk creation up to 500 |
GET | /v1/dashboard/orgs/:orgId/licenses/analytics | License analytics (counts by status, product) |
GET | /v1/dashboard/orgs/:orgId/licenses/expiring | List licenses expiring soon |
GET | /v1/dashboard/orgs/:orgId/licenses/export | Export licenses as CSV or JSON |
POST | /v1/dashboard/orgs/:orgId/licenses/import | Bulk import licenses |
POST | /v1/dashboard/orgs/:orgId/licenses/freeze | Bulk freeze licenses |
POST | /v1/dashboard/orgs/:orgId/licenses/unfreeze | Bulk unfreeze licenses |
POST | /v1/dashboard/orgs/:orgId/licenses/revoke | Bulk revoke licenses |
POST | /v1/dashboard/orgs/:orgId/licenses/unrevoke | Bulk restore revoked licenses |
POST | /v1/dashboard/orgs/:orgId/licenses/extend | Bulk extend license expiry |
DELETE | /v1/dashboard/orgs/:orgId/licenses | Bulk delete licenses |
| Method | Endpoint | Description |
|---|
GET | /v1/dashboard/licenses/:id | Get single license details |
PATCH | /v1/dashboard/licenses/:id | Update license (status, expiry, policy, freeze) |
POST | /v1/dashboard/licenses/:id/revoke | Revoke a license |
POST | /v1/dashboard/licenses/:id/unrevoke | Restore a revoked license |
POST | /v1/dashboard/licenses/:id/reset-hwid | Reset HWID bindings |
POST | /v1/dashboard/licenses/:id/reset-ip | Reset IP bindings |
POST | /v1/dashboard/licenses/redeem | Redeem a license key |
| Method | Endpoint | Description |
|---|
GET | /v1/dashboard/licenses/:id/sessions | List active sessions for a license |
POST | /v1/dashboard/licenses/:id/sessions/:sessionId/revoke | Kill a specific session |
POST | /v1/dashboard/licenses/:id/sessions/revoke-all | Kill all sessions for a license |
| Method | Endpoint | Description |
|---|
POST | /v1/dashboard/api-keys | Create an API key (with optional permissions) |
GET | /v1/dashboard/api-keys?productId= | List API keys for a product |
PATCH | /v1/dashboard/api-keys/:id | Update API key (name, permissions) |
DELETE | /v1/dashboard/api-keys/:id | Delete an API key |
POST | /v1/dashboard/api-keys/:id/rotate | Rotate an API key secret |
POST | /v1/dashboard/api-keys/:id/revoke | Revoke an API key |
| Method | Endpoint | Description |
|---|
GET | /v1/dashboard/app-variables/products/:productId | List variables (scope: GLOBAL or USER) |
DELETE | /v1/dashboard/app-variables/products/:productId/:variableId | Delete a variable |
GET | /v1/app-variables?productId=&licenseId= | Public: fetch variables for a license (client use) |
| Method | Endpoint | Description |
|---|
GET | /v1/dashboard/app-versions/products/:productId | List versions for a product |
POST | /v1/dashboard/app-versions/products/:productId | Create a new version |
PATCH | /v1/dashboard/app-versions/products/:productId/:versionId | Update a version |
DELETE | /v1/dashboard/app-versions/products/:productId/:versionId | Delete a version |
POST | /v1/app-versions/check-update | Public: check for updates (client use) |
| Method | Endpoint | Description |
|---|
GET | /v1/dashboard/blacklists/products/:productId | List blacklist entries (filter by type: HWID or IP) |
POST | /v1/dashboard/blacklists/products/:productId | Add a blacklist entry |
POST | /v1/dashboard/blacklists/products/:productId/bulk | Bulk add blacklist entries |
DELETE | /v1/dashboard/blacklists/products/:productId/:entryId | Remove a blacklist entry |
| Method | Endpoint | Description |
|---|
GET | /v1/dashboard/product-files/products/:productId | List files for a product |
POST | /v1/dashboard/product-files/products/:productId | Upload a file |
DELETE | /v1/dashboard/product-files/products/:productId/:fileId | Delete a file |
GET | /v1/product-files/download/:fileId | Download a file (requires valid license) |
| Method | Endpoint | Description |
|---|
| Configured per product | Webhook events | license.authorized, license.created, etc. |
| Method | Endpoint | Description |
|---|
GET | /v1/dashboard/orgs/:orgId/members | List org members |
PATCH | /v1/dashboard/orgs/:orgId/members/:memberId | Update member role |
DELETE | /v1/dashboard/orgs/:orgId/members/:memberId | Remove member |
POST | /v1/dashboard/orgs/:orgId/invites | Invite a member (email + role) |
GET | /v1/dashboard/orgs/:orgId/invites | List pending invites |
POST | /v1/dashboard/orgs/:orgId/invites/:inviteId/revoke | Revoke an invite |
POST | /v1/dashboard/orgs/:orgId/invites/:inviteId/resend | Resend an invite email |
POST | /v1/dashboard/orgs/:orgId/transfer-ownership | Transfer org ownership |
| Method | Endpoint | Description |
|---|
GET | /v1/dashboard/orgs/:orgId/analytics | Full analytics dashboard (time-series + totals) |
GET | /v1/dashboard/orgs/:orgId/licenses/analytics | License status breakdown |
| Method | Endpoint | Description |
|---|
GET | /v1/dashboard/plans?productId= | List available plans |
GET | /v1/dashboard/subscriptions | List user's subscriptions |
POST | /v1/dashboard/subscriptions/start | Start a subscription |
POST | /v1/dashboard/subscriptions/cancel | Cancel a subscription |
POST | /v1/dashboard/subscriptions/reactivate | Reactivate a cancelled subscription |
GET | /v1/dashboard/entitlements | List user's entitlements |
| Method | Endpoint | Description |
|---|
POST | /v1/enduser/auth/register | Register end user account |
POST | /v1/enduser/auth/login | Login as end user |
POST | /v1/enduser/auth/logout | Logout |
GET | /v1/enduser/me | Get current end user profile |
GET | /v1/enduser/licenses | List end user's licenses |
POST | /v1/enduser/licenses/redeem | Redeem a license key |
See API Errors for error handling details.