REST API
Read your server's gates, members, leaderboard, and audit log over a simple authenticated REST API.
HoneyGate exposes a read-only REST API so you can pull your server's data into your own apps, dashboards, or websites. It's available on every plan (including Free) — it's infrastructure, not an upsell.
Authentication
Create an API key in the admin panel under API Keys (/admin/public-api/). The key is shown once at creation (we only store a hash), so copy it then.
Send it as a Bearer token:
Authorization: Bearer hg2_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Each key is scoped — you choose what it can read when you create it:
| Scope | Grants |
|---|---|
gates.read | List gates and their conditions |
members.read | List members (with XP, join dates) |
xp.read | Read XP totals, rank, and the leaderboard |
audit.read | Read audit-log entries |
A key is tied to one server, and you can have up to 10 active keys per server. Keys can be given an optional expiry.
Base URL & format
All endpoints live under:
https://honeygate.app/api/v1/public-api/<endpoint>
Every response is JSON. Success looks like:
{ "ok": true, "data": { ... }, "request_id": "..." }
Errors look like:
{ "ok": false, "error": { "message": "...", "code": "..." }, "request_id": "..." }
Common status codes: 200 OK, 401 invalid/expired key, 403 missing scope, 404 unknown endpoint, 429 rate-limited.
Rate limit
120 requests per minute per key by default (configurable per key). If you exceed it you'll get a 429; wait and retry.
Endpoints
GET /gates — scope: gates.read
Lists the server's gates, each with its role, logic mode (AND/OR), and conditions.
GET /members — scope: members.read
Lists members with discord_id, username, display name, joined_at, and xp. Supports ?limit= (default 100, max 1000) and ?offset= for paging.
GET /leaderboard — scope: xp.read
Top members by XP. Supports ?limit= (default 25, max 500).
GET /rank — scope: xp.read
A single member's XP and rank in this server. Requires ?discord_id=; guild_id defaults to the key's server.
GET /user — scope: xp.read
A single member's XP in this server (xp, messages_counted, voice_seconds, last_awarded_at). Requires ?discord_id=. Scoped to the key's server — a key only ever reads its own server's data.
GET /audit — scope: audit.read
Audit-log entries (role grants/revokes, gate passes, config changes). Supports ?limit= (default 100, max 500) and ?since=<ISO datetime> (default: last 7 days).
Example
curl https://honeygate.app/api/v1/public-api/leaderboard?limit=10 \
-H "Authorization: Bearer hg2_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
Want live updates instead of polling?
For push-style integration, use Outbound webhooks — HoneyGate calls your URL when things happen.