SellRealm API Documentation
Integrate powerful eCommerce and license management into your applications.
SellRealm provides two powerful APIs to help you manage your digital products and license systems:
License API (v0)
- Key verification & login
- HWID binding & management
- Session management
- License variables & logging
Store API (v1)
- Product management
- Order processing
- Customer data
- Analytics & reporting
License API (v0): https://sellrealm.com/api/v0/ Store API (v1): https://sellrealm.com/api/v1/
Authentication
Secure your API requests with dual-secret authentication.
SellRealm implements an enhanced security model with separate authentication secrets for each API, providing better isolation and security for your store operations.
Authentication Secrets
| API | Secret Type | Usage | Level |
|---|---|---|---|
| License API (v0) | auth_secret | License verification, sessions, HWID operations | High Security |
| Store API (v1) | store_secret | Store data management, products, orders | Administrative |
Finding Your Secrets
- Log into your SellRealm dashboard
- Navigate to Store Settings
- Copy your 48-character auth_secret for License API
- Copy your 48-character store_secret for Store API
- Keep both secrets secure — never share them publicly
License API (v0) — Encrypted POST
POST https://sellrealm.com/api/v0/ Content-Type: application/x-www-form-urlencoded auth_secret=your_48_char_auth_secret [encrypted payload parameters]
Store API (v1) — Bearer Token
GET https://sellrealm.com/api/v1/products Authorization: Bearer your_48_char_store_secret Content-Type: application/json
SDKs & Libraries
Official SDKs and community libraries for easy integration.
SellRealm provides officially maintained SDKs that handle all complexity of encryption, session management, and secure communications.
Python SDK
Full-featured library with async support, automatic session management, and comprehensive error handling.
View on GitHubC++ SDK
High-performance library optimized for native applications, games, and enterprise software solutions.
View on GitHubSDK Features
- Automatic Encryption: All data encrypted and decrypted automatically
- Session Management: Handles login, validation, and logout automatically
- HWID Detection: Platform-specific hardware ID generation
- Error Handling: Comprehensive error handling with detailed messages
- Thread Safety: Safe for use in multi-threaded applications
- Retry Logic: Automatic retry on network failures
HTTP Status Codes
| Code | Meaning | Description |
|---|---|---|
| 200 | OK | Request successful |
| 400 | Bad Request | Invalid request parameters |
| 403 | Forbidden | Invalid auth_secret/store_secret or unauthorized |
| 405 | Method Not Allowed | Incorrect HTTP method used |
| 429 | Too Many Requests | Rate limit exceeded |
Common Error Messages
| Error | Cause | Solution |
|---|---|---|
| Invalid key or auth secret | Wrong license key or auth_secret | Verify your auth_secret for License API |
| Invalid store secret | Wrong store_secret for Store API | Check your 48-char store_secret in dashboard |
| HWID does not match | Key bound to different hardware | Reset HWID or use correct device |
| Session has expired | Session timeout reached | Re-authenticate with login method |
| Key has been banned | Key permanently disabled | Contact support or use valid key |
| Too Many Requests | Rate limit exceeded | Reduce request frequency |
License API (v0)
Secure license verification and authentication system.
The License API provides comprehensive license key management for protecting your software applications. It handles license verification, user authentication, HWID binding, session management, variable storage, and audit logging. All communications use enterprise-grade encryption and require your auth_secret.
Base URL
https://sellrealm.com/api/v0/
Available Operations
| Operation | Type Value | Description |
|---|---|---|
| Verify Key / Login | Default (no type) | Verify a license key and create authenticated session |
| Check Session | check_session | Validate an existing session |
| Get HWID | get_hwid | Retrieve stored HWID for a key |
| Reset HWID | reset_hwid | Clear HWID binding for a key |
| Restore HWID | restore_hwid | Set specific HWID for a key |
| Terminate Session | terminate_session | End an active session |
| Log Action | log_action | Log custom actions for audit trails |
| Ban Key | ban_key | Permanently ban a license key |
Verify Key / Login
Authenticate users and create secure sessions.
/api/v0/
Verifies a license key, authenticates the user, binds the key to hardware ID, and creates an authenticated session. This is the primary authentication method — equivalent to a user login. Returns license variables and user information upon successful authentication.
Core Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
key | string | Required | User's license key (encrypted) |
auth_secret | string | Required | Your 48-character auth secret |
hwid | string | Required | User's hardware ID (encrypted) |
product_id | integer | Required | ID of the product being accessed |
timestamp | integer | Optional | Client timestamp for time validation |
Success Response
{
"status": "success",
"message": "Key is valid",
"session_id": "a1b2c3d4e5f6...",
"session_expires_at": "2024-12-25 12:00:00",
"nonce": "random_nonce_value",
"key_expires_at": "2024-12-31",
"variables": {
"app_version": "1.0.0",
"feature_flag": true
},
"server_time": 1703512800,
"level": 1
}
Error Response
{
"status": "error",
"message": "Invalid key or auth secret"
}
Check Session
Validate existing sessions without re-authentication.
/api/v0/
Validates an existing session without requiring full key verification. Use this for periodic checks to ensure the user's session is still valid and active.
Request Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
type | string | Required | Must be "check_session" |
session_id | string | Required | Session ID from login response |
auth_secret | string | Required | Your 48-character auth secret |
nonce | string | Required | Current session nonce |
product_id | integer | Required | ID of the product being accessed |
Success Response
{
"status": "success",
"message": "Session is active and key is valid",
"nonce": "new_nonce_value",
"key_expires_at": "2024-12-31",
"level": 1,
"server_time": 1703512800
}
License Variables
Secure server-side variable storage for sensitive data.
License Variables provide a secure way to store sensitive information on SellRealm's servers instead of hardcoding values in your application. These variables are automatically returned during successful login/verification.
Variable Types
| Type | Description | Use Case |
|---|---|---|
| String | Text-based values | API keys, configuration values, URLs |
| Boolean | True/false values | Feature flags, enable/disable settings |
| File | Binary file data | Configuration files, certificates, assets |
Example Variable Response
{
"variables": {
"api_endpoint": "https://api.example.com/v1",
"premium_features": true,
"max_users": "100",
"secret_key": "sk_live_abc123def456"
}
}
Common Use Cases
- API Keys: Store third-party API keys securely
- Feature Flags: Enable/disable features remotely
- Configuration: Server URLs, timeouts, limits
- Licensing Tiers: Different features per license level
- Updates: Minimum version requirements, update URLs
HWID Management
Manage hardware ID bindings for license keys.
Hardware ID (HWID) management allows you to bind license keys to specific devices, preventing unauthorized sharing while providing flexibility for legitimate use cases.
/api/v0/
Retrieve the currently stored HWID for a license key.
| Parameter | Required | Description |
|---|---|---|
type | Required | "get_hwid" |
key | Required | License key (encrypted) |
auth_secret | Required | Your auth secret |
{
"status": "success",
"message": "HWID retrieved",
"hwid": "ABC123-DEF456-GHI789"
}
Clear the HWID binding for a license key, allowing it to be used on a different device.
| Parameter | Required | Description |
|---|---|---|
type | Required | "reset_hwid" |
key | Required | License key (encrypted) |
auth_secret | Required | Your auth secret |
{
"status": "success",
"message": "HWID reset successfully"
}
Session Management
Control active sessions and prevent unauthorized access.
/api/v0/
Terminate an active session, logging the user out and requiring re-authentication.
| Parameter | Required | Description |
|---|---|---|
type | Required | "terminate_session" |
key | Required | License key (encrypted) |
session_id | Required | Session ID to terminate |
nonce | Required | Current session nonce |
auth_secret | Required | Your auth secret |
{
"status": "success",
"message": "Session terminated"
}
Log Action
Custom action logging for audit trails and monitoring.
/api/v0/
Log custom actions for audit trails and monitoring. Track specific user activities, security events, or application usage for compliance and analytics purposes.
| Parameter | Required | Description |
|---|---|---|
type | Required | "log_action" |
key | Required | License key (encrypted) |
action_type | Required | Type of action being logged |
action_details | Optional | Additional details about the action |
auth_secret | Required | Your auth secret |
Example Use Cases
- Security Events: Failed login attempts, permission changes
- Feature Usage: Premium feature access, API calls
- Compliance: Data access, export operations
- Analytics: User behavior, performance metrics
{
"status": "success",
"message": "Action logged successfully"
}
Ban Key
Permanently disable license keys.
/api/v0/
Permanently ban a license key and terminate all associated sessions. This is an irreversible security action used to prevent further access by compromised or misused keys.
| Parameter | Required | Description |
|---|---|---|
type | Required | "ban_key" |
key | Required | License key to ban (encrypted) |
auth_secret | Required | Your auth secret |
reason | Optional | Reason for banning (encrypted) |
Common Ban Reasons
- Security Breach: Key compromised or unauthorized access detected
- Terms Violation: User violated license terms or usage policy
- Fraud: Fraudulent purchase or chargeback
- Abuse: Excessive API usage or system abuse
{
"status": "success",
"message": "Key has been banned successfully"
}
Store API (v1)
Manage your store data and operations.
The Store API provides access to your store's data including products, orders, customers, and analytics. This API uses your store_secret for authentication and is currently in development with basic functionality available.
Base URL
https://sellrealm.com/api/v1/
Authentication
All Store API requests require your store_secret in the Authorization header:
Authorization: Bearer your_48_char_store_secret
Products API
Manage your store products.
/api/v1/products
Retrieve a list of all products in your store.
Authorization: Bearer your_48_char_store_secret
[
{
"product_id": 1,
"title": "Sample Product",
"price": 25.00,
"stock": null,
"created_at": "2024-05-16 05:24:48"
}
]
/api/v1/products
Create a new product in your store.
Authorization: Bearer your_48_char_store_secret Content-Type: application/json
Request Body
{
"title": "New Product",
"price": 19.99,
"stock": 100
}
{
"message": "Product created successfully",
"product_id": 4
}
Orders API
Access order information and transaction data.
- Retrieve order history
- Get order details by ID
- Update order status
- Process refunds
- Track order analytics
Keys API
Manage license keys through the Store API.
/api/v1/keys
Retrieve a list of license keys in your store.
Authorization: Bearer your_48_char_store_secret
[
{
"key_id": 1,
"key_value": "6CE3-5E57-45C7-7B12",
"status": "Used",
"created_at": "2024-05-17 08:39:47"
}
]