1. Authentication (HMAC) 2. Fetching the Store 3. Downloading Packages

SGL Cloud API Documentation

Integrate the SGL App Store directly into your CMS panels.

1. Authentication (HMAC)

Every request to the SGL Cloud API must be signed using HMAC SHA-256 to prevent tampering and replay attacks. You must send the following HTTP headers:

X-SGL-Client: Your Cloud Email (e.g., admin@sglprime.com)
X-SGL-Timestamp: Current Unix timestamp.
X-SGL-Domain: The domain requesting the resource (e.g., site.com).
X-SGL-Signature: The HMAC hash.

How to calculate the signature (PHP):

$dataToSign = $endpoint . $timestamp . $domain . json_encode($payload);
$signature = hash_hmac('sha256', $dataToSign, $apiKey);

2. Fetching the Store

Endpoint: GET /api/v1/store?type=plugin

Returns a JSON array of available plugins or templates.

{
  "success": true,
  "data": [
    {
      "id": "sgl_chat",
      "name": "SGL Chat Pro",
      "description": "...",
      "version": "1.1.0",
      "price": 0,
      "is_premium": false,
      "type": "plugin"
    }
  ]
}

3. Downloading Packages

Endpoint: GET /api/v1/download?item_id={slug}

This endpoint returns a raw ZIP stream if the signature is valid and the domain has an active license (if the product is premium). Ensure your client-side code saves the stream directly to a file.

Note: Premium products are domain-locked. If a request is made for a premium product from an unauthorized domain, it will return a 403 Forbidden.