# Web API
## Introduction
The Web API configuration file (`web_api.json`) manages the built-in web server for API endpoints, webhooks, and external integrations.
***
## Port
**Type:** String
Server port for the Web API.
```json
port: "3111"
```
The bot will listen for HTTP requests on this port.
***
## Authentication Key
**Type:** Array of Strings
API keys required to access endpoints.
```json
authentication_key: ['09563-34763-36235-36235', 'second-key-here']
```
{% hint style="danger" %}
**Security Warning:** Change the default authentication key immediately! Never share these keys publicly.
{% endhint %}
Requests must include one of these keys in the authentication header.
***
## Whitelisted IPs
**Type:** Array of Strings
IP addresses allowed to access the API.
```json
whitelisted_ips: ['18.209.80.3', '54.87.231.232', '203.0.113.0']
```
**Default IPs included:**
* `18.209.80.3` - Tebex server
* `54.87.231.232` - Tebex server
{% hint style="warning" %}
**Important:** Do not remove the Tebex IPs if you use the Tebex integration, or webhooks will fail.
{% endhint %}
***
## Secure Mode
**Type:** Boolean
Restrict API to whitelisted IPs only.
```json
secure_mode: false
```
**When `true`:** Only whitelisted IPs can access the API (still requires authentication)\
**When `false`:** All IPs can access with valid authentication key
***
## Base IP
**Type:** String
Base URL for API hooks and webhooks.
```json
base_ip: "bot.example.com"
```
**Format options:**
* With domain: `"bot.example.com"` or `"api.example.com"`
* Without domain: `"192.168.1.100:3111"` (IP:port format)
Used to construct full URLs for external services like Tebex webhooks.
***
## Rate Limit
Prevent API abuse with request limiting.
### enabled
**Type:** Boolean
Enable rate limiting.
```json
rate_limit: {
enabled: true,
}
```
***
### window\_ms
**Type:** Number
Time window for rate limit in milliseconds.
```json
window_ms: 300000
```
**Example:** `300000` = 5 minutes (300,000 milliseconds)
After this window elapses, the request count resets for that client.
***
### max
**Type:** Number
Maximum requests per window.
```json
max: 150
```
Clients exceeding this limit during the time window will be rate limited.
***
### proxied
**Type:** Boolean
Whether API is behind a reverse proxy.
```json
proxied: false
```
**When `true`:** Bot uses proxy headers to identify real client IP (required for Nginx/Apache)\
**When `false`:** Direct connection IP is used
{% hint style="info" %}
**Reverse Proxy Users:** If you use Nginx, Apache, or Cloudflare in front of the bot, set this to `true` to ensure correct IP detection for rate limiting and security.
{% endhint %}
***
### proxies\_between\_user\_and\_server
**Type:** Number
Number of proxy layers between client and bot.
```json
proxies_between_user_and_server: 1
```
Only relevant when `proxied` is `true`.
**Examples:**
* Direct proxy: `1`
* Cloudflare + Nginx: `2`
***
## Complete Configuration Example
Here's a production-ready Web API configuration:
```json
{
config: {
port: "3111",
authentication_key: ['your-secure-key-here-change-this'],
whitelisted_ips: [
'18.209.80.3', // Tebex
'54.87.231.232', // Tebex
'203.0.113.10', // Your server IP
],
secure_mode: true,
base_ip: "api.yourserver.com",
rate_limit: {
enabled: true,
window_ms: 300000,
max: 150,
proxied: true,
proxies_between_user_and_server: 1,
},
},
}
```
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.iynxdev.com/configuration-files/web-api.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.