Docs β’ ZentryAuth
Integration guide
HWID activation and validation, with copy-paste ready examples.
β Standard responses
β HWID + Token
β C++ / C#
π Quickstart
The minimum to integrate in 3 steps.
π§ͺ Ready-to-use examples
Copy-paste cURL, C++ and C#.
β οΈ Errors & security
Codes and best practices.
β
Before you start
You need: your panel APP_KEY, a way to get the machineβs real HWID, and
HTTPS in production.
π Quickstart
The minimum required to integrate ZentryAuth.
- Define BASE_URL and APP_KEY.
- Send key + hwid + version to Activate.
- Store the token and validate with Validate while the app is running.
Variables
BASE_URL = https://zentryauth.com
APP_KEY = your_app_key
VERSION = 1.0.0
HWID = PC-123
Note: HWID must come from your client app (real machine). Avoid hardcoding it in production.
π§ Recommended flow
1) Init (optional)
Check maintenance/version before activating.
2) Activate
Activate license by HWID and return a token.
3) Validate
Validate token + HWID during the session.
π Endpoints
POST
optional
/api/v1/{app_key}/init
Returns status/version. Useful to block maintenance mode or disallowed versions.
POST
/api/v1/{app_key}/license/activate
Input: key, hwid, version. Output: token.
Request JSON
{
"key": "XXXX-XXXX-XXXX",
"hwid": "PC-123",
"version": "1.0.0"
}Response (example)
{
"success": true,
"code": "OK",
"message": "Activated",
"data": { "token": "..." }
}POST
/api/v1/{app_key}/license/validate
Input: token, hwid, version. Returns OK or error.
π§ͺ cURL examples
Activate
curl -X POST "https://zentryauth.com/api/v1/{app_key}/license/activate" \
-H "Content-Type: application/json" \
-d '{
"key": "XXXX-XXXX-XXXX",
"hwid": "PC-123",
"version": "1.0.0"
}'Validate
curl -X POST "https://zentryauth.com/api/v1/{app_key}/license/validate" \
-H "Content-Type: application/json" \
-d '{
"token": "TOKEN_HERE",
"hwid": "PC-123",
"version": "1.0.0"
}'π» C++ example (Windows SDK)
This example uses the ZentryAuth C++ SDK (ZentryApi/Zentry.hpp)
and demonstrates the standard flow: Init β Activate (license key) β read response.
You must set
- β’ APP_KEY from your panel
- β’ Ensure your SDK is configured to use your BASE_URL (https://zentryauth.com)
- β’ Use a real HWID inside the SDK (recommended)
Response mapping
- β’
0= OK - β’
2= HWID_ERROR - β’
3= EXPIRED - β’
4= BANNED - β’
5= INVALID_KEY
#include <windows.h>
#include <iostream>
#include <string>
#include <thread>
// ZentryAuth SDK
#include "ZentryApi/Zentry.hpp"
int main() {
// Optional debug flags (SDK dependent)
// ZentryAuth::Debug = true;
// ZentryAuth::MsgAlert = true;
// β
1) Init with APP_KEY (from your panel)
// NOTE: Replace with your real APP_KEY (32 chars example)
if (!ZentryAuth::Init_App("YOUR_APP_KEY")) {
std::cout << "Error Init AppKey" << std::endl;
return 0;
}
// β
2) Read license key from user
std::string key;
std::cout << "Key: ";
std::getline(std::cin, key);
// β
3) Activate (async)
std::thread(ZentryAuth::Auth_Licen, key).detach();
// β
4) Wait for response
for (;;) {
Sleep(100);
if (!ZentryAuth::data.load) continue;
// Response table (SDK dependent)
switch (ZentryAuth::data.response) {
case 0: MessageBoxA(0, "OK", "ZentryAuth", 0); break;
case 1: MessageBoxA(0, "ERROR", "ZentryAuth", 0); break;
case 2: MessageBoxA(0, "HWID_ERROR", "ZentryAuth", 0); break;
case 3: MessageBoxA(0, "EXPIRED", "ZentryAuth", 0); break;
case 4: MessageBoxA(0, "BANNED", "ZentryAuth", 0); break;
case 5: MessageBoxA(0, "INVALID_KEY", "ZentryAuth", 0); break;
case 6: MessageBoxA(0, "WARNING", "ZentryAuth", 0); break;
default: MessageBoxA(0, "UNKNOWN", "ZentryAuth", 0); break;
}
break;
}
// Optional: show expiry info (if SDK provides it)
std::cout << "Expire: " << ZentryAuth::data.expiry
<< " | Days: " << ZentryAuth::data.expiry_days
<< " | Code: " << ZentryAuth::data.response
<< std::endl;
system("pause");
return 0;
}
Tip: For production, avoid hardcoding and make sure the SDK reads BASE_URL and uses HTTPS.
If you don't have the SDK BASE_URL configurable yet, you can still use the raw HTTP example above with
cURL or your own request function.
𧩠C# example (Activate + Validate)
Minimal integration using HttpClient. Replace APP_KEY, set your HWID, then call Activate once and Validate periodically while the app is running.
using System;
using System.Net.Http;
using System.Text;
using System.Text.Json;
using System.Threading;
using System.Threading.Tasks;
public class Program
{
// β
Change these
static readonly string BASE_URL = "https://zentryauth.com";
static readonly string APP_KEY = "YOUR_APP_KEY";
static readonly string VERSION = "1.0.0";
// Tip: Use a real HWID from your machine (avoid hardcoding in production)
static string GetHwid()
{
// TODO: Replace with your own HWID method
return "PC-123";
}
static async Task Main()
{
Console.Write("License key: ");
var licenseKey = Console.ReadLine()?.Trim() ?? "";
if (string.IsNullOrWhiteSpace(licenseKey))
{
Console.WriteLine("Empty key.");
return;
}
var hwid = GetHwid();
using var http = new HttpClient
{
Timeout = TimeSpan.FromSeconds(12)
};
// 1) Activate β token
var token = await ActivateAsync(http, licenseKey, hwid, VERSION);
if (string.IsNullOrWhiteSpace(token))
{
Console.WriteLine("Activation failed.");
return;
}
Console.WriteLine("Activated β
");
Console.WriteLine("Token: " + token);
// 2) Validate periodically (example: every 30 seconds)
while (true)
{
var ok = await ValidateAsync(http, token, hwid, VERSION);
if (!ok)
{
Console.WriteLine("Validate failed β (stop app / logout user)");
// break; // optional
}
else
{
Console.WriteLine("Validate OK β
" + DateTime.Now);
}
Thread.Sleep(TimeSpan.FromSeconds(30));
}
}
static async Task<string> ActivateAsync(HttpClient http, string key, string hwid, string version)
{
var url = $"{BASE_URL}/api/v1/{APP_KEY}/license/activate";
var payload = new
{
key = key,
hwid = hwid,
version = version
};
var json = JsonSerializer.Serialize(payload);
using var content = new StringContent(json, Encoding.UTF8, "application/json");
using var resp = await http.PostAsync(url, content);
var body = await resp.Content.ReadAsStringAsync();
if (!resp.IsSuccessStatusCode)
{
Console.WriteLine("HTTP " + (int)resp.StatusCode);
Console.WriteLine(body);
return "";
}
// Expected:
// { "success": true, "code": "OK", "message": "...", "data": { "token": "..." } }
try
{
using var doc = JsonDocument.Parse(body);
var root = doc.RootElement;
var success = root.TryGetProperty("success", out var s) && s.GetBoolean();
if (!success)
{
var code = root.TryGetProperty("code", out var c) ? c.GetString() : "ERROR";
var msg = root.TryGetProperty("message", out var m) ? m.GetString() : "";
Console.WriteLine($"Activate error: {code} - {msg}");
return "";
}
var token = root.GetProperty("data").GetProperty("token").GetString();
return token ?? "";
}
catch
{
Console.WriteLine("Invalid JSON response:");
Console.WriteLine(body);
return "";
}
}
static async Task<bool> ValidateAsync(HttpClient http, string token, string hwid, string version)
{
var url = $"{BASE_URL}/api/v1/{APP_KEY}/license/validate";
var payload = new
{
token = token,
hwid = hwid,
version = version
};
var json = JsonSerializer.Serialize(payload);
using var content = new StringContent(json, Encoding.UTF8, "application/json");
using var resp = await http.PostAsync(url, content);
var body = await resp.Content.ReadAsStringAsync();
if (!resp.IsSuccessStatusCode)
{
Console.WriteLine("HTTP " + (int)resp.StatusCode);
Console.WriteLine(body);
return false;
}
// Expected:
// { "success": true, "code": "OK", "message": "...", "data": { ... } }
try
{
using var doc = JsonDocument.Parse(body);
var root = doc.RootElement;
var success = root.TryGetProperty("success", out var s) && s.GetBoolean();
if (!success)
{
var code = root.TryGetProperty("code", out var c) ? c.GetString() : "INVALID_LICENSE";
var msg = root.TryGetProperty("message", out var m) ? m.GetString() : "";
Console.WriteLine($"Validate error: {code} - {msg}");
return false;
}
return true;
}
catch
{
Console.WriteLine("Invalid JSON response:");
Console.WriteLine(body);
return false;
}
}
}
Tip: If you return EXPIRED / INVALID_LICENSE, stop the app or force re-activation.
Keep token in memory or secure storage, and always use HTTPS in production.
β οΈ Error codes
INVALID_LICENSE
Invalid key, expired, or HWID mismatch (generic response).
EXPIRED
Expired license or expired token (depending on endpoint).
MAINTENANCE
The app is in maintenance mode.
VERSION_BLOCKED
Version is not allowed by the update policy.
π‘οΈ Security recommendations
- β’ Do not show detailed messages to the end user (use a generic message).
- β’ Always use TLS (https) in production.
- β’ Implement rate-limiting and log failed attempts.
- β’ Store the token in memory or secure storage; do not expose it in client logs.
