Automate and Connect Securely
API keys let you interact with the Game Panel programmatically — start servers, query status, manage files, and more — all without logging in through a browser. SSH keys let you authenticate for SFTP file transfers without a password. Both are powerful tools for anyone who wants to automate their server management or connect external tools to their game servers. You will find both options in the API Key section at the bottom of the Account page at games.freakhosting.com. The section has two sub-tabs: API Key and SSH Key.Difficulty
Intermediate
Time
3 Minutes
Understanding API Keys vs SSH Keys
Before diving in, here is a quick breakdown of what each key type does:API Keys
Used to interact with the Pterodactyl API — the same API that powers the Game Panel interface. With an API key, scripts and external applications can start/stop servers, read console output, manage files, and more. Think of it as a login credential for machines instead of humans.
SSH Keys
Used for SFTP authentication. Instead of entering a password every time you connect via SFTP to upload or download files, an SSH key pair lets your SFTP client authenticate automatically. It is both more convenient and more secure than password-based SFTP access.
Creating an API Key
The API Key sub-tab is selected by default when you open the API Key section. On a fresh account, the right side of the section will show “No API keys exist for this account.” — so let us create one.Open the Account Page
Log in to the Game Panel and click your Account link (with your avatar icon) in the top-right corner of the navigation bar.
Scroll to the API Key Section
Scroll down to the bottom of the Account page. You will find the API Key section with two sub-tabs: API Key (selected by default) and SSH Key.
Enter a Description
In the Description field, type a short label for this API key. This helps you remember what the key is for later — something like “Discord bot integration” or “Automated restart script” works well.
Set Allowed IPs (Optional but Recommended)
The Allowed IPs textarea lets you restrict which IP addresses can use this API key. Each IP address goes on its own line. If you leave this blank, any IP address can use the key.For example, if your automation script runs on a VPS with IP
203.0.113.50, you would enter that IP to ensure the key only works from that machine.Click Create
Hit the teal Create button. The panel generates your API key and displays it. Copy it immediately — this is the only time you will see the full key. It will not be shown again.
Managing Existing API Keys
Once you have created one or more API keys, they appear in a list on the right side of the API Key section (replacing the “No API keys exist” message). Each entry shows:- Description — The label you gave the key
- Last Used — When the key was last used to make an API request
- Created — When the key was created
Adding an SSH Key
Switch to the SSH Key sub-tab in the API Key section to manage your SSH keys for SFTP authentication.Switch to the SSH Key Tab
Click the SSH Key sub-tab next to the API Key tab at the top of the section.
Add Your Public Key
Paste your public SSH key into the provided field. This is typically the contents of your
~/.ssh/id_rsa.pub or ~/.ssh/id_ed25519.pub file. It starts with ssh-rsa or ssh-ed25519 followed by a long string of characters.Only paste your public key (the file ending in
.pub). Never share or upload your private key — that stays on your local machine and should never leave it.Give It a Name
Enter a descriptive name for the key so you can identify it later — for example, “Work laptop” or “Home desktop”.
Generating an SSH Key Pair (If You Do Not Have One)
If you have never created an SSH key pair before, here is how to generate one:On Windows (PowerShell or Windows Terminal)
On Windows (PowerShell or Windows Terminal)
Open PowerShell or Windows Terminal and run:Press Enter to accept the default file location, then optionally set a passphrase. Your public key will be saved to
C:\Users\YourName\.ssh\id_ed25519.pub. Open that file with Notepad and copy the contents.On macOS or Linux (Terminal)
On macOS or Linux (Terminal)
Open Terminal and run:Press Enter to accept the default location (
~/.ssh/id_ed25519), then optionally set a passphrase. Copy your public key with:Using Your API Key
Once you have an API key, you can use it to interact with the Pterodactyl API that powers the Game Panel. Here are some practical examples of what you can do:| Use Case | What the API Lets You Do |
|---|---|
| Discord bot | Query server status and player counts, then display them in your Discord server |
| Automated restarts | Schedule a script to restart your server at specific times using API calls |
| Monitoring dashboard | Pull CPU, memory, and network stats to display on a custom web dashboard |
| Backup automation | Trigger server backups on a schedule without logging into the panel |
| File management | Upload, download, or modify server files programmatically |
Authorization header using the Bearer format:
The full Pterodactyl API documentation covers all available endpoints, request formats, and response structures. Search for “Pterodactyl API documentation” for the complete reference. The API key you create here works with the client API endpoints.
Security Best Practices
Restrict API Keys by IP
Always enter the specific IP addresses that will use the key in the Allowed IPs field. A key with no IP restriction can be used from anywhere if it leaks.
Use Separate Keys for Each Tool
Create a different API key for each script, bot, or integration. That way, if one key is compromised, you can revoke it without breaking everything else.
Never Commit Keys to Git
Store API keys in environment variables or config files excluded from version control. A key in a public GitHub repo can be scraped by bots within minutes.
Rotate Keys Periodically
Delete and recreate API keys every few months, especially for keys with broad permissions or no IP restriction. Rotating keys limits the damage window if a key is silently compromised.
I lost my API key -- can I view it again?
I lost my API key -- can I view it again?
No. API keys are only displayed once at creation time. If you have lost the key, delete the old entry and create a new one. Update any scripts or tools that used the old key with the new one.
How many API keys can I create?
How many API keys can I create?
The panel allows multiple API keys per account. Create as many as you need — one per tool or integration is the recommended approach.
Can I edit an API key's allowed IPs after creation?
Can I edit an API key's allowed IPs after creation?
You will need to check the panel’s interface — some versions of Pterodactyl allow editing, while others require you to delete and recreate the key with the correct IP restrictions. If in doubt, delete and recreate.
What permissions does an API key have?
What permissions does an API key have?
Client API keys created from the Account page have the same permissions as your user account — they can manage your servers, files, and settings. They cannot access admin functions. Treat them with the same care as your password.
My SSH key is not working for SFTP -- what should I check?
My SSH key is not working for SFTP -- what should I check?
Verify that you pasted the public key (not the private key), that the key format is correct (starts with
ssh-rsa or ssh-ed25519), and that your SFTP client is configured to use the corresponding private key. Also confirm that your SFTP client is connecting to the correct server address and port shown in the Game Panel.Need Extra Help?
If you encounter any issues, our support team is ready to assist:- Live Chat: Quick assistance via our website.
- Support Ticket: Open a Ticket
- Discord: Join our Community
- Email: support@freakhosting.com
Last Updated: March 2026 | Game Panel Support: API and SSH key management simplified.