Keyauth changelog
Keyauth changelog

Thanksgiving update & KeyAuth 2nd Birthday Event




August Update, huge performance increase, no more ISP blocks!



  • Custom domains for API. Available for developer and seller plans. 100% recommend, this will make sure your users don't get blocked by retarded internet providers. Tutorial:
  • Using AJAX requests for dashboard now. So users with thousands of keys, users, etc, won't need to wait long for their page to render anymore.
  • Emails are now hashed with SHA1 for boosted security, we can't see your plain-text emails now
  • Online user count now counts logged in users only
  • Fixed bug where when people pressed reload button on dashboard, it would try to resubmit form
  • Fixed bug where messages in chat channels would be deleted if message sent in a different chat channel
  • Added limit of 5k keys per day to SellerAPI add key endpoint (many DDoS attacks abused the fact there was no limit before)
  • API now checks if file link dead (4xx HTTP code) on download
  • Added option to ban user or delete user also when banning or deleting key
  • Increased account security, paid accounts now must do email or 2FA verification when logging in from new location
  • Added SellerAPI types 'addAccount' and 'deleteAccount' for managing Reseller and Manager accounts
  • Added SellerAPI type 'massUserVarDelete' to delete all user variables with name
  • Added ability to pause and unpause individual users
  • Added new 1.2 API endpoint which has protection against network debuggers
  • Added option to require minimum username length and added option to block breached passwords (uses HaveIBeenPwned API, doesn't send password to them, only hash prefix. secure)
  • Added API type 'fetchOnline' which returns array of usernames currently logged in to your application
  • Added option to kill other sessions with same username when user logs in (can be used to prevent people sharing on a website for example where HWID lock can't be applied)

Discord bot update & minor changes




C++ integrity check added (credits TheH3xRayz#2005)




A few people have freaked out to us about a BS "bypass" pertaining to the latest c++ examples only, the ones with KeyAuth.hpp are unaffected. The bypass can be mitigated even by using older versions of VMProtect, though TheH3xRayz#2005 contributed code to patch the bypass regardless of what obfuscator you the application developer is using, and regardless of what injector the bad actor attempting to pirate your program is using.

So those just two options to fix this bypass. Obfuscate or use the latest .lib file just committed to

Apologies for not address this earlier, I thought it was quite self-explanatory but sadly not to some people 🤦‍♂️ The bypass has nothing to do with KeyAuth, it's modifying the memory of a JSON decoding function from GitHub. this could be done to any unobfuscated program using any type of authentication system.

KeyAuth will never guarantee integrated obfuscation. Even authentication services which cost tens of thousands per month don't accept the responsibility of integrated obfuscation. So you shouldn't expect KeyAuth to.

I've heard that provides a lot of mitigation methods against circumvention. Feel free to look at that

I (mak) am not competent in client-side security and don't plan to become competent in it. Companies like VMProtect and Themida have several years of experience and still are at a constant battle with circumvention. KeyAuth ensures your program can't be bypassed with HTTP Debugger, something that is possible with authgg. Past that it is the responsibility of the app developer to seek obfuscation from another company or make their own.

KeyAuth discord bot coming soon. mazk provided me with a great base and so I just need to add a few more commands and it'll be ready. the bigger concern is networking being online to update the files on the Discord bot hosting lmao.

networking said he'd be slightly inactive until 28th of this month. please make suggestions in I'm less tired this week so I should be able to get a lot of them done over the weekend 💯

Changing DDoS mitigation tomorrow




We're changing DDoS mitigation tomorrow around 3PM EST (New York Time)

There will be a short downtime and SSL certificate change.

If you're having issues connecting to the site using the loader after this is complete, please let us know and we'll contact the DDoS mitigation provider.

coming soon:

Discord bot update, whenever I have the time Eventually I'd like to release a new API version that would be more simple.

January 21, 2022 Update




January 18, 2022 Update



  • KeyAuth is now hosted solely on
  • C++ example, add data
  • C++ example, more user data
  • C++ example, bug fixes
  • Host/Server change

January 2 2022 Update



  • C++ example updated, far easier to add KeyAuth to your program (some features missing, I had limited time)
  • KeyAuth web loader added (control application from customer panel)
  • Several SellerAPI endpoints added
  • New features added to 1.1 API
  • GET paramaters added to 1.1 API
  • Server-side code cleanup, much easier to work with now
  • View, edit, delete chat channels added
  • Multiple program hashes supported now
  • Request body and content type added to webhook function
  • App data added (Number of users, number of online users, number of keys, version, customer panel link)

November 20 2021 Update




1.1 (unencrypted API endpoint) was not updated, next update will have an endpoint that can be used both encrypted and non-encrypted

  • Added ability to edit username of users
  • VB example update to core functionality, didn't add all the functions added to the c#, c++, and python examples.
  • added add fetch all blacklists to Seller API
  • added blacklist check function
  • (seller only) chat channels
  • now any users still on your account after you reset password will be locked out
  • account expiration fixed. it used to start whenever you made your account, not when you purchased KeyAuth. If your expiry in account settings is far sooner than a year from when you purchased, message modmail with your orderid and tell us your account expiry is wrong
  • hash check added back, disabled by default
  • more user data added (forgot app data, will try to add next update)
  • added banned column to users table on dashboard
  • more custom API responses settings
  • view active users in session tab and kill sessions if you want (log your users out)
  • pause button now pauses users's subscriptions so you can unpause them whenever and they will lose no time
  • reset password added to SellerAPI
  • you can now set session expiry time (how long your users stay logged in)
  • added fetch all files, fetch all vars to Seller API
  • you can now download files on dashboard
  • user variables added
  • import keys avaliable to tester users now (used to require developer)
  • search bars added to drop down selection menus on dashboard
  • added ability extend all users
  • changed key level input box on create licenses modal to a drop down menu of your subcriptions, so it's impossible to create key with a level that doesn't correspond to a subscription now
  • added verify user to SellerAPI
  • delete expired users added to dashboard and SellerAPI
  • import users added to users tab on dashboard
  • you can now change HWID reset cooldown for customer panel in app settings
  • added fetch all subs for app to SellerAPI
  • added Question mark tooltips to dashboard to help assist people confused with a feature