> ## Documentation Index
> Fetch the complete documentation index at: https://help.freakhosting.com/llms.txt
> Use this file to discover all available pages before exploring further.

# How to Manage API and SSH Keys

> Learn how to create, manage, and secure API keys and SSH keys on the FREAKHOSTING Game Panel for automation and remote server access.

## Automate and Connect Securely

API keys let you interact with the Game Panel programmatically -- start servers, query status, manage files, and more -- all without logging in through a browser. SSH keys let you authenticate for SFTP file transfers without a password. Both are powerful tools for anyone who wants to automate their server management or connect external tools to their game servers.

You will find both options in the **API Key** section at the bottom of the **Account** page at [games.freakhosting.com](https://games.freakhosting.com). The section has two sub-tabs: **API Key** and **SSH Key**.

<CardGroup cols={2}>
  <Card title="Difficulty" icon="gauge-min">
    Intermediate
  </Card>

  <Card title="Time" icon="clock">
    3 Minutes
  </Card>
</CardGroup>

***

## Understanding API Keys vs SSH Keys

Before diving in, here is a quick breakdown of what each key type does:

<CardGroup cols={2}>
  <Card title="API Keys" icon="key">
    Used to interact with the **Pterodactyl API** -- the same API that powers the Game Panel interface. With an API key, scripts and external applications can start/stop servers, read console output, manage files, and more. Think of it as a login credential for machines instead of humans.
  </Card>

  <Card title="SSH Keys" icon="terminal">
    Used for **SFTP authentication**. Instead of entering a password every time you connect via SFTP to upload or download files, an SSH key pair lets your SFTP client authenticate automatically. It is both more convenient and more secure than password-based SFTP access.
  </Card>
</CardGroup>

***

## Creating an API Key

The **API Key** sub-tab is selected by default when you open the API Key section. On a fresh account, the right side of the section will show **"No API keys exist for this account."** -- so let us create one.

<Steps>
  <Step title="Open the Account Page">
    Log in to the Game Panel and click your **Account** link (with your avatar icon) in the **top-right corner** of the navigation bar.
  </Step>

  <Step title="Scroll to the API Key Section">
    Scroll down to the bottom of the Account page. You will find the **API Key** section with two sub-tabs: **API Key** (selected by default) and **SSH Key**.
  </Step>

  <Step title="Enter a Description">
    In the **Description** field, type a short label for this API key. This helps you remember what the key is for later -- something like "Discord bot integration" or "Automated restart script" works well.

    <Tip>
      Be specific with your descriptions. If you create multiple API keys for different tools, clear labels like "Pterodactyl backup script" or "Server status website" make it easy to identify and revoke the right key if needed.
    </Tip>
  </Step>

  <Step title="Set Allowed IPs (Optional but Recommended)">
    The **Allowed IPs** textarea lets you restrict which IP addresses can use this API key. Each IP address goes on its own line. If you leave this blank, **any IP address** can use the key.

    For example, if your automation script runs on a VPS with IP `203.0.113.50`, you would enter that IP to ensure the key only works from that machine.

    <Warning>
      Leaving the Allowed IPs field blank means the API key can be used from anywhere in the world. If the key is ever leaked, anyone can use it. **Always restrict by IP** when you know where the key will be used from.
    </Warning>
  </Step>

  <Step title="Click Create">
    Hit the teal **Create** button. The panel generates your API key and displays it. **Copy it immediately** -- this is the only time you will see the full key. It will not be shown again.
  </Step>

  <Step title="Store the Key Securely">
    Save the API key in a password manager, encrypted note, or a secure environment variable in your application. Do not paste it into Discord messages, public code repositories, or plain text files on shared machines.
  </Step>
</Steps>

<Warning>
  **The API key is only shown once at creation time.** If you close the page or navigate away without copying it, you will need to delete the key and create a new one. There is no way to view the full key again after initial creation.
</Warning>

***

## Managing Existing API Keys

Once you have created one or more API keys, they appear in a list on the right side of the API Key section (replacing the "No API keys exist" message). Each entry shows:

* **Description** -- The label you gave the key
* **Last Used** -- When the key was last used to make an API request
* **Created** -- When the key was created

You can **delete** an API key at any time if it is no longer needed or you suspect it has been compromised. Deleting a key immediately revokes all access -- any script or tool using that key will stop working.

***

## Adding an SSH Key

Switch to the **SSH Key** sub-tab in the API Key section to manage your SSH keys for SFTP authentication.

<Steps>
  <Step title="Switch to the SSH Key Tab">
    Click the **SSH Key** sub-tab next to the API Key tab at the top of the section.
  </Step>

  <Step title="Add Your Public Key">
    Paste your **public SSH key** into the provided field. This is typically the contents of your `~/.ssh/id_rsa.pub` or `~/.ssh/id_ed25519.pub` file. It starts with `ssh-rsa` or `ssh-ed25519` followed by a long string of characters.

    <Info>
      Only paste your **public** key (the file ending in `.pub`). Never share or upload your **private** key -- that stays on your local machine and should never leave it.
    </Info>
  </Step>

  <Step title="Give It a Name">
    Enter a descriptive name for the key so you can identify it later -- for example, "Work laptop" or "Home desktop".
  </Step>

  <Step title="Save the Key">
    Click the save or create button to add the SSH key to your account. Your SFTP client can now authenticate using this key pair instead of a password.
  </Step>
</Steps>

***

## Generating an SSH Key Pair (If You Do Not Have One)

If you have never created an SSH key pair before, here is how to generate one:

<AccordionGroup>
  <Accordion title="On Windows (PowerShell or Windows Terminal)">
    Open **PowerShell** or **Windows Terminal** and run:

    ```
    ssh-keygen -t ed25519 -C "your-email@example.com"
    ```

    Press Enter to accept the default file location, then optionally set a passphrase. Your public key will be saved to `C:\Users\YourName\.ssh\id_ed25519.pub`. Open that file with Notepad and copy the contents.
  </Accordion>

  <Accordion title="On macOS or Linux (Terminal)">
    Open **Terminal** and run:

    ```
    ssh-keygen -t ed25519 -C "your-email@example.com"
    ```

    Press Enter to accept the default location (`~/.ssh/id_ed25519`), then optionally set a passphrase. Copy your public key with:

    ```
    cat ~/.ssh/id_ed25519.pub
    ```
  </Accordion>
</AccordionGroup>

<Tip>
  The `ed25519` key type is recommended over `rsa` for new keys -- it is faster, more secure, and produces shorter keys. If you need RSA for compatibility, use `ssh-keygen -t rsa -b 4096` instead.
</Tip>

***

## Using Your API Key

Once you have an API key, you can use it to interact with the Pterodactyl API that powers the Game Panel. Here are some practical examples of what you can do:

| Use Case             | What the API Lets You Do                                                        |
| -------------------- | ------------------------------------------------------------------------------- |
| Discord bot          | Query server status and player counts, then display them in your Discord server |
| Automated restarts   | Schedule a script to restart your server at specific times using API calls      |
| Monitoring dashboard | Pull CPU, memory, and network stats to display on a custom web dashboard        |
| Backup automation    | Trigger server backups on a schedule without logging into the panel             |
| File management      | Upload, download, or modify server files programmatically                       |

API requests are made to the panel's API endpoint and require your API key in the `Authorization` header using the `Bearer` format:

```
Authorization: Bearer YOUR_API_KEY_HERE
```

<Info>
  The full Pterodactyl API documentation covers all available endpoints, request formats, and response structures. Search for "Pterodactyl API documentation" for the complete reference. The API key you create here works with the **client API** endpoints.
</Info>

***

## Security Best Practices

<CardGroup cols={2}>
  <Card title="Restrict API Keys by IP" icon="shield-check">
    Always enter the specific IP addresses that will use the key in the Allowed IPs field. A key with no IP restriction can be used from anywhere if it leaks.
  </Card>

  <Card title="Use Separate Keys for Each Tool" icon="key">
    Create a different API key for each script, bot, or integration. That way, if one key is compromised, you can revoke it without breaking everything else.
  </Card>

  <Card title="Never Commit Keys to Git" icon="code-branch">
    Store API keys in environment variables or config files excluded from version control. A key in a public GitHub repo can be scraped by bots within minutes.
  </Card>

  <Card title="Rotate Keys Periodically" icon="arrows-rotate">
    Delete and recreate API keys every few months, especially for keys with broad permissions or no IP restriction. Rotating keys limits the damage window if a key is silently compromised.
  </Card>
</CardGroup>

***

<AccordionGroup>
  <Accordion title="I lost my API key -- can I view it again?">
    No. API keys are only displayed once at creation time. If you have lost the key, delete the old entry and create a new one. Update any scripts or tools that used the old key with the new one.
  </Accordion>

  <Accordion title="How many API keys can I create?">
    The panel allows multiple API keys per account. Create as many as you need -- one per tool or integration is the recommended approach.
  </Accordion>

  <Accordion title="Can I edit an API key's allowed IPs after creation?">
    You will need to check the panel's interface -- some versions of Pterodactyl allow editing, while others require you to delete and recreate the key with the correct IP restrictions. If in doubt, delete and recreate.
  </Accordion>

  <Accordion title="What permissions does an API key have?">
    Client API keys created from the Account page have the same permissions as your user account -- they can manage your servers, files, and settings. They cannot access admin functions. Treat them with the same care as your password.
  </Accordion>

  <Accordion title="My SSH key is not working for SFTP -- what should I check?">
    Verify that you pasted the **public** key (not the private key), that the key format is correct (starts with `ssh-rsa` or `ssh-ed25519`), and that your SFTP client is configured to use the corresponding private key. Also confirm that your SFTP client is connecting to the correct server address and port shown in the Game Panel.
  </Accordion>
</AccordionGroup>

***

<Note>
  ### Need Extra Help?

  If you encounter any issues, our support team is ready to assist:

  * **Live Chat:** Quick assistance via our website.
  * **Support Ticket:** [Open a Ticket](https://freakhosting.com/clientarea/submitticket.php)
  * **Discord:** [Join our Community](https://discord.gg/freakhosting)
  * **Email:** [support@freakhosting.com](mailto:support@freakhosting.com)
</Note>

<Tip>
  ### Save on Your Hosting

  Ready to automate more servers? Use code **KB20** at checkout for **20% off** your first month!
</Tip>

***

<div align="center">
  **Last Updated:** March 2026 | **Game Panel Support:** API and SSH key management simplified.
</div>
