VPN Backend API

REST API reference for Flutter developers integrating any of the VPN app SKUs. All endpoints are JSON.

Base URL: https://vpnsbackend.oxmite.com/api

⚡ What's new in v2.0

Every API now supports an app_name field. Send it on register, login, and usage recording so your app's data stays separate and filterable in the admin panel. See the app_name section below.

app_name Field New

Because the same backend serves multiple VPN apps, every record is now tagged with app_name. Without it records default to "default" which mixes everything together.

Your app's identifier

Agree on a short slug with the admin team and use it consistently across all calls:

vpn_pro vpn_lite secure_vpn fast_vpn … or any slug

Where to send it

EndpointHow to sendEffect
POST /auth/registerRequest bodyTags the user record
POST /auth/loginRequest bodyScopes login to that app's users
POST /vpn/usageInherited from user tokenTags each usage record automatically
GET /admin/usersQuery param ?app_name=Filters results to one app
GET /admin/vpn-usageQuery param ?app_name=Filters results to one app
ℹ️ Users are scoped per app: a user with email john@mail.com in vpn_pro is a different record from john@mail.com in vpn_lite. This means the same email can be registered in multiple apps independently.

Authentication

Protected endpoints require a Bearer token in the Authorization header.

Authorization: Bearer <token>

Obtain a token via POST /auth/login (users) or POST /auth/admin/login (admin).

POST /auth/register

Create a new user account. Include app_name so the user is scoped to your app.

POST /auth/register No auth required

Request body

FieldTypeRequiredDescription
namestringrequiredUser's display name
emailstringrequiredUser's email address
passwordstringrequiredMinimum 6 characters
app_namestringrequiredYour app's identifier, e.g. "vpn_pro". Defaults to "default" if omitted.
Flutter/Dart
cURL
Response
final response = await http.post(
  Uri.parse('https://vpnsbackend.oxmite.com/api/auth/register'),
  headers: {'Content-Type': 'application/json'},
  body: jsonEncode({
    'name': 'John Doe',
    'email': 'john@example.com',
    'password': 'secret123',
    'app_name': 'vpn_pro',   // ← your app identifier
  }),
);
curl -X POST https://vpnsbackend.oxmite.com/api/auth/register \
  -H "Content-Type: application/json" \
  -d '{
    "name": "John Doe",
    "email": "john@example.com",
    "password": "secret123",
    "app_name": "vpn_pro"
  }'
{
  "success": true,
  "message": "User registered successfully",
  "data": {
    "user": {
      "id": "64abc...",
      "name": "John Doe",
      "email": "john@example.com",
      "status": "active",
      "app_name": "vpn_pro"
    },
    "token": "eyJhbGci..."
  }
}

POST /auth/login

Log in a user. Must send the same app_name used during registration.

POST /auth/login No auth required

Request body

FieldTypeRequiredDescription
emailstringrequiredRegistered email
passwordstringrequiredAccount password
app_namestringrequiredMust match the app_name used at registration
Flutter/Dart
cURL
Response
final response = await http.post(
  Uri.parse('https://vpnsbackend.oxmite.com/api/auth/login'),
  headers: {'Content-Type': 'application/json'},
  body: jsonEncode({
    'email': 'john@example.com',
    'password': 'secret123',
    'app_name': 'vpn_pro',   // ← must match registration
  }),
);
final token = jsonDecode(response.body)['data']['token'];
curl -X POST https://vpnsbackend.oxmite.com/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{
    "email": "john@example.com",
    "password": "secret123",
    "app_name": "vpn_pro"
  }'
{
  "success": true,
  "message": "Login successful",
  "data": {
    "user": {
      "id": "64abc...",
      "name": "John Doe",
      "email": "john@example.com",
      "status": "active",
      "app_name": "vpn_pro"
    },
    "token": "eyJhbGci..."
  }
}

POST /auth/admin/login

Admin login. Uses static credentials configured on the server.

POST /auth/admin/login No auth required
FieldTypeRequiredDescription
emailstringrequiredAdmin email
passwordstringrequiredAdmin password
cURL
curl -X POST https://vpnsbackend.oxmite.com/api/auth/admin/login \
  -H "Content-Type: application/json" \
  -d '{"email":"admin@gmail.com","password":"admin@gmail.com"}'

GET /users/profile

Returns the currently authenticated user's profile.

GET /users/profile 🔒 User token required
Flutter/Dart
Response
final response = await http.get(
  Uri.parse('https://vpnsbackend.oxmite.com/api/users/profile'),
  headers: {'Authorization': 'Bearer $token'},
);
{
  "success": true,
  "data": {
    "_id": "64abc...",
    "name": "John Doe",
    "email": "john@example.com",
    "status": "active",
    "usageLimit": 1024,
    "app_name": "vpn_pro"
  }
}

POST /vpn/usage

Record VPN data consumed. The app_name is automatically inherited from the logged-in user — no need to send it here.

POST /vpn/usage 🔒 User token required
FieldTypeRequiredDescription
usageMBnumberrequiredMB consumed in this session (≥ 0)
The record is automatically tagged with the user's app_name. You don't need to send it again.
Flutter/Dart
Response
final response = await http.post(
  Uri.parse('https://vpnsbackend.oxmite.com/api/vpn/usage'),
  headers: {
    'Content-Type': 'application/json',
    'Authorization': 'Bearer $token',
  },
  body: jsonEncode({'usageMB': 25.5}),
);
{
  "success": true,
  "message": "VPN usage recorded successfully",
  "data": {
    "id": "64def...",
    "userId": "64abc...",
    "usageMB": 25.5,
    "app_name": "vpn_pro",
    "totalUsage": 125.5,
    "limit": 1024,
    "date": "2026-06-08T10:00:00.000Z"
  }
}

GET /vpn/usage

GET /vpn/usage 🔒 User token required
Flutter/Dart
Response
final response = await http.get(
  Uri.parse('https://vpnsbackend.oxmite.com/api/vpn/usage'),
  headers: {'Authorization': 'Bearer $token'},
);
{
  "success": true,
  "data": {
    "userId": "64abc...",
    "totalUsageMB": 125.5,
    "usageLimit": 1024,
    "remainingLimit": 898.5,
    "usageCount": 5,
    "records": [...]
  }
}

GET /admin/users

Get all users. Filter by app using ?app_name= query param.

GET /admin/users?app_name=vpn_pro 🔒 Admin token
Query ParamRequiredDescription
app_nameoptionalFilter to a specific app. Omit to get users from all apps.

PATCH /admin/users/:userId/status

PATCH /admin/users/:userId/status 🔒 Admin token
Body FieldTypeValues
statusstring"active" or "blocked"

GET /admin/users/:userId/usage-limit

GET /admin/users/:userId/usage-limit 🔒 Admin token

Returns current usage limit, current usage in MB, remaining, and usage percentage for the user.

POST /admin/users/:userId/usage-limit

POST /admin/users/:userId/usage-limit 🔒 Admin token

Set a usage limit for the first time. Returns 400 if a limit already exists — use PUT instead.

Body FieldTypeDescription
usageLimitnumberLimit in MB (≥ 0)

PUT /admin/users/:userId/usage-limit

PUT /admin/users/:userId/usage-limit 🔒 Admin token

Update (overwrite) the usage limit for a user.

Body FieldTypeDescription
usageLimitnumberNew limit in MB (≥ 0)

GET /admin/vpn-usage

Aggregated VPN usage for all users. Filter by app using ?app_name=.

GET /admin/vpn-usage?app_name=vpn_pro 🔒 Admin token
Query ParamRequiredDescription
app_nameoptionalFilter to a specific app. Omit to see all apps combined.
Response
{
  "success": true,
  "count": 3,
  "data": [
    {
      "userId": "64abc...",
      "userName": "John Doe",
      "userEmail": "john@example.com",
      "userStatus": "active",
      "usageLimit": 1024,
      "app_name": "vpn_pro",
      "totalUsageMB": 125.5,
      "usageCount": 5,
      "lastUsage": "2026-06-08T10:00:00.000Z"
    }
  ]
}

GET /admin/vpn-usage/:userId

GET /admin/vpn-usage/:userId 🔒 Admin token

Returns full usage record list for a single user including their app_name, current usage, and remaining limit.

Quick Reference

MethodEndpointAuthNotes
POST/auth/registerSend app_name
POST/auth/loginSend app_name
POST/auth/admin/login
GET/users/profileUser
POST/vpn/usageUserapp_name auto-inherited
GET/vpn/usageUser
GET/admin/usersAdmin?app_name= filter
PATCH/admin/users/:id/statusAdmin
GET/admin/users/:id/usage-limitAdmin
POST/admin/users/:id/usage-limitAdminFirst-time set
PUT/admin/users/:id/usage-limitAdminUpdate existing
GET/admin/vpn-usageAdmin?app_name= filter
GET/admin/vpn-usage/:userIdAdmin

VPN Backend API v2.0 · Generated 2026