Authentication
All endpoints require session cookie via Hytale OAuth.
POST /api/auth/start
Response: { user_code, verification_uri, ... }
GET /api/auth/status?code=<code>
Response: { authenticated: true/false, username?, uuid? }
Command Execution
Send commands to Hytale server.
POST /api/action
Body: { "command": "say hello" }\nResponse: "OK: say hello"
Server Control
POST /api/server/start
POST /api/server/stop
POST /api/server/restart
Response: { success: true/false, message? }
Backups
GET /api/backups
Response: { backups: [{ name, size, date }] }
POST /api/restore
Body: { "backup": "backup.zip" }
Bans
GET /api/bans
POST /api/bans/edit
POST /api/unban