AdvancedAuth - Minecraft Authentication with API & Email
About AdvancedAuth
AdvancedAuth is a comprehensive Minecraft authentication plugin designed to provide enterprise-grade security for your server. Featuring a secure login system with encrypted passwords, a realβtime admin dashboard, and now a powerful REST API with granular permission control. Perfect for server owners looking to enhance security, integrate external services, and improve user experience.
Our plugin now includes emailβbased OTP password reset, API key management with 12 distinct permissions (users.read, users.create, users.delete, etc.), detailed IP login history, active session tracking, and an intuitive web interface that allows you to manage users, monitor activity, and configure security settings from anywhere.
Key Features
REST API Documentation
All API endpoints require an API key passed in the x-api-key header. Keys are generated from the admin dashboard and can be assigned granular permissions. The base URL is https://plugins.zenuxs.in.
Description: Check if a user exists and validate password.
Query Parameters: tag (username), password, apikey, serverKey (optional).
GET /api/dataapikey/query?tag=john&password=123456&apikey=YOUR_API_KEY
{
"valid": true,
"exists": true,
"username": "john",
"email": "john@example.com",
"isBanned": false,
"timestamp": "23/01/2025, 14:30:45"
}Description: Register a new user.
Headers: Content-Type: application/json, x-api-key: YOUR_API_KEY
{
"username": "john",
"password": "123456",
"email": "john@example.com"
}{
"message": "User registered successfully",
"username": "john"
}Description: Get a paginated list of users.
Headers: x-api-key: YOUR_API_KEY
Query Parameters: page, limit
GET /api/admin/users?page=1&limit=10
{
"users": [ ... ],
"totalUsers": 150,
"page": 1,
"totalPages": 15
}Description: Permanently delete a user.
{ "username": "john" }{ "message": "User deleted successfully" }Description: Ban a user (prevents login).
{
"username": "john",
"banMessage": "Spamming"
}{ "message": "User banned successfully" }Description: Unban a previously banned user.
{ "username": "john" }{ "message": "User unbanned successfully" }Description: Change a user's password (admin action).
{
"username": "john",
"newPassword": "newpass123"
}{ "message": "Password changed successfully" }Description: Reset a user's password and optionally send email.
{
"newPassword": "newpass123",
"sendEmail": true
}{
"success": true,
"message": "Password reset successfully",
"username": "john",
"emailSent": true
}Description: Invalidate all active sessions for a user.
{ "username": "john" }{
"success": true,
"message": "All sessions invalidated",
"username": "john"
}Description: Retrieve IP login history for a user.
GET /api/admin/user/john/ipStats
{
"username": "john",
"totalLogins": 25,
"uniqueIPs": 3,
"mostFrequentIP": "192.168.1.1",
"loginCountByIP": { "192.168.1.1": 15, ... },
"recentIPs": [ ... ]
}Description: Export all users as JSON or CSV.
Query Parameter: format (json or csv).
GET /api/admin/users/export?format=json
Description: List all active sessions for a user.
GET /api/admin/user/john/sessions
{
"username": "john",
"totalActiveSessions": 2,
"sessions": [ ... ]
}Description: Perform bulk ban/unban/delete operations.
{
"action": "ban",
"usernames": ["john", "jane"]
}{
"success": true,
"message": "Bulk ban completed",
"affected": 2
}
All API keys are scoped to the server they were created for. Use the x-api-key header for authentication.
Plugin Screenshots
Configuration Example
# ============================================================
# ZENUXS PLUGINS
# ============================================================
# Website: https://plugins.zenuxs.xyz
# Developer: developer.rs (Rishabh)
# Discord: https://discord.zenuxs.xyz
# ============================================================
# ======================================
# AuthPlugin Configuration
# ======================================
# -------------------------------
# API Settings
# -------------------------------
timeout: 10000
# -------------------------------
# License Key
# -------------------------------
license-key: ""
# -------------------------------
# Login Settings
# -------------------------------
login:
max-attempts: 3
timeout: 300
session-duration: 86400
# -------------------------------
# IP Limit Settings
# -------------------------------
ip-limit:
enabled: true
max-players: 3
# -------------------------------
# Email OTP Settings
# -------------------------------
email:
enabled: true
otp-expiry: 600
reset-url: "https://your-site.com/reset-password"
# -------------------------------
# Auth World Settings
# -------------------------------
auth-world:
register-world: ""
register-x: 0.5
register-y: 64.0
register-z: 0.5
register-yaw: 0.0
register-pitch: 0.0
login-world: ""
login-x: 0.5
login-y: 64.0
login-z: 0.5
login-yaw: 0.0
login-pitch: 0.0
# -------------------------------
# Protection Settings
# -------------------------------
protection:
prevent-movement: true
prevent-block-break: true
prevent-block-place: true
prevent-interaction: true
prevent-chat: true
prevent-damage: true
prevent-item-drop: true
prevent-item-pickup: true
# -------------------------------
# Messages
# -------------------------------
messages:
prefix: "&8[&bAuth&8] &7"
no-permission: "&cYou don't have permission to use this command."
not-player: "&cThis command can only be executed by players."
already-logged-in: "&aYou are already logged in."
not-logged-in: "&cPlease login first with /login "
not-registered: "&cPlease register first with /register "
welcome-back: "&e&lWelcome back %player%! &7Please use &b/login "
welcome-new: "&e&lWelcome %player%! &7Please use &b/register "
register-usage: "&cUsage: /register "
login-usage: "&cUsage: /login "
register-success: "&aRegistration successful! You can now login with /login."
login-success: "&aLogin successful! Welcome to the server!"
logout-success: "&aYou have been logged out."
reload-success: "&aConfiguration reloaded successfully."
register-error: "&cRegistration failed: %error%"
login-error: "&cLogin failed: %error%"
login-attempts: "&cYou have %attempts% attempts remaining."
login-timeout: "&cYou have been kicked for too many failed login attempts."
api-error: "&cCould not connect to authentication server. Please try again later."
license-error: "&cInvalid license key. Please contact an administrator."
ip-limit-exceeded: "&cToo many players are already connected from your IP address!"
custom-join-message: "&a&l+ &a%player% joined the server!"
custom-leave-message: "&c&l- &c%player% left the server!"
# -------------------------------
# Commands to Execute on Login
# -------------------------------
on-login:
- "title %player% title {\"text\":\"Welcome!\",\"color\":\"green\"}"
- "title %player% subtitle {\"text\":\"Enjoy your stay!\",\"color\":\"yellow\"}"
- "playsound minecraft:entity.player.levelup player %player%"
# -------------------------------
# BungeeCord command block
# -------------------------------
block-bungee-commands: true