Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.codegateapp.com/llms.txt

Use this file to discover all available pages before exploring further.

Overview

The CodeGate SDK API provides project info, code listing, verify, reactivate, and statistics. All endpoints require API Key + HMAC-SHA256 signature authentication. Prefer the Python SDK or JavaScript SDK to avoid writing signing logic.

Authentication

Each request must carry the following in HTTP headers:
HeaderDescription
X-API-KeyAPI Key (32-char UUID, no hyphens)
X-TimestampUnix timestamp (seconds)
X-SignatureHMAC-SHA256 signature (lowercase hex, 64 chars)
Signature string format: 
{METHOD}\n{PATH}\n{QUERY_STRING}\n{BODY_SHA256_HEX}\n{TIMESTAMP}
  • For empty body use SHA256 of empty string: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
  • Timestamp must be within ±5 minutes to prevent replay attacks

Endpoint quick reference

MethodPathPurpose
GET/api/v1/projects/{project_id}Project info
GET/api/v1/projects/{project_id}/codesList codes with pagination
GET/api/v1/projects/{project_id}/codes/{code_id}Get one code by ID
GET/api/v1/projects/{project_id}/codes/by-code/{code}Get one code by code string
POST/api/v1/projects/{project_id}/codes/verifyVerify (redeem)
POST/api/v1/projects/{project_id}/codes/reactivateReactivate
GET/api/v1/projects/{project_id}/statisticsStatistics

Business error codes (verify / reactivate)

When the response has success=false, error_code may be:
Error codeMeaning
CODE_NOT_FOUNDActivation code not found
CODE_ALREADY_USEDAlready used (on verify)
CODE_ALREADY_UNUSEDAlready unused (on reactivate)
CODE_DISABLEDCode disabled
CODE_EXPIREDCode expired
PROJECT_DISABLEDProject disabled
PROJECT_EXPIREDProject expired

HTTP status codes

Status codeDescription
200Request succeeded
400Parameter error
401Authentication failed
403project_id does not match API Key
404Resource not found
429Rate limited
500Server error