Welcome to LYNX Documentation
The developer guide for integrating next-generation authentication architecture into your remote clients. Built for exact scale and unparalleled security.
Architecture Overview
LYNX provides a secure backend for managing isolated applications, hardware-id (HWID) locked users, and real-time Discord webhooks. This documentation outlines the exact REST endpoints.
All API endpoints should route to your centralized backend instance. In these examples, the host points directly to https://api.lynxauth.qzz.io.
Core Mechanics
- Immutable Authorization: Native HWID binding prevents simultaneous footprint execution.
- Instant Auditing: Discrete Discord alerts trace valid user logins universally.
- Stateless Operation: JWT-less architecture with rapid remote lockouts.
Authentication Architecture
Understanding identity resolution and keys inside LYNX.
Security Isolation
We divide environment credentials explicitly into two discrete spheres:
1. Master Access (Dashboard & Admin)
Operations targeting global application drops and user allocations require your OwnerID. Think of this as the root system key generated during Firebase authentication.
2. Executable Access (Client Bins)
Compiled software (C#, Python, DLLs) strictly relies on an application-level App Secret. An App Secret cannot query your wallet data, nor can it obliterate databases.
Never expose your OwnerID within redistributable client binaries! Only compile the App Secret inside your executable.
Client Login
Authenticate an end-user from remote software boundaries.
Evaluates a given username, password, and HWID fingerprint against your exact application tier.
Request Payload (JSON)
| Parameter | Type | Descriptor |
|---|---|---|
ownerid | String | Your global Seller ID reference |
app_secret | String | The isolated secret token for your specific App |
username | String | The provisioned user identity |
password | String | The provisioned user password |
hwid | String | The local physical machine digest (ex. SHA256) |
import requests import platform import hashlib class LynxAuthAPI: def __init__(self, ownerid, secret, api_url="https://api.lynxauth.qzz.io"): if api_url.endswith("/"): api_url = api_url[:-1] self.ownerid = ownerid self.secret = secret self.api_url = f"{api_url}/api/1.0/user_login" def get_hwid(self): return hashlib.sha256(f"{platform.node()}-{platform.processor()}".encode()).hexdigest() def login(self, username, password): payload = { "ownerid": self.ownerid, "app_secret": self.secret, "username": username, "password": password, "hwid": self.get_hwid() } try: response = requests.post(self.api_url, json=payload) return response.json() except requests.exceptions.RequestException as e: return {"success": False, "message": f"Connection Error: {e}"}
using System.Security.Cryptography; using System.Text; using Newtonsoft.Json; using System; using System.Net.Http; using System.Threading.Tasks; namespace LynxAuth { public class Auth { private readonly string OwnerId; private readonly string Secret; private readonly string ApiUrl; private static readonly HttpClient client = new HttpClient(); public Auth(string ownerid, string secret, string apiUrl = "https://api.lynxauth.qzz.io") { OwnerId = ownerid; Secret = secret; if (apiUrl.EndsWith("/")) apiUrl = apiUrl.TrimEnd('/'); ApiUrl = $"{apiUrl}/api/1.0/user_login"; } private static string GetHwid() { var input = $"{Environment.MachineName}-{Environment.UserName}-{Environment.ProcessorCount}"; using (var sha256 = SHA256.Create()) { var bytes = sha256.ComputeHash(Encoding.UTF8.GetBytes(input)); return BitConverter.ToString(bytes).Replace("-", "").ToLowerInvariant(); } } public async Task<dynamic> Login(string username, string password) { var payload = new { ownerid = OwnerId, app_secret = Secret, username = username, password = password, hwid = GetHwid() }; var json = JsonConvert.SerializeObject(payload); var content = new StringContent(json, Encoding.UTF8, "application/json"); try { var response = await client.PostAsync(ApiUrl, content); var result = await response.Content.ReadAsStringAsync(); return JsonConvert.DeserializeObject(result); } catch (HttpRequestException e) { return new { success = false, message = $"Connection Error: {e.Message}" }; } } } }
Response Interpretation
A unified dict/JSON object outlining session persistence is returned.
{"success": true, "message": "Login successful.", "info": {"expires": "2026-12-31T00:00:00"}}{"success": false, "message": "HWID mismatch."}- Machine footprint deviation.{"success": false, "message": "Your subscription has expired."}- Strict time lockout.
User Management
Modify and assign entity states remotely through external bots or scripts.
Interact with active user allocations (e.g. resetting fingerprints).
Schema
| Parameter | Type | Notes |
|---|---|---|
user_id | String | Database document ID context |
action | String | "reset_hwid", "set_expiry", or "toggle_lock" |
lock_state | Boolean | Active ONLY if action = "toggle_lock" |
expire_str | String | Active ONLY if action = "set_expiry" |
Generate fresh identity matrices assigned to an App.
Schema
| Parameter | Type | Notes |
|---|---|---|
ownerid | String | Master credential identity |
appid | String | Locational registry string |
username/password | String | Keys |
days | Integer | Time added. Use 0 for Lifetime. |
Discord Integration
Track network activity smoothly on social servers.
If webhook parameters are flagged active on the backend, LYNX dispatches an embed silently tracking end-user client behavior upon boot.
Write discord targets to memory.
Schema
| Parameter | Type | Notes |
|---|---|---|
appid | String | Identity context |
webhook_url | String | Standard discord domain url |
show_hwid | Boolean | Display user hash dynamically |
show_expiry | Boolean | Compute total time left |
show_app | Boolean | Expose software name |
Platform Administration
God Mode paths strictly reserved for platform administrators.
Calculate total node latency and platform capacities.
// Standard HTTP 200 Returns: { "status": "success", "sellers": 15, "users": 342, "gold": 8, "apps": 21 }