User Account Management
Users manage their profile, security settings, API tokens, SSH keys, and active sessions from the account pages in the client area.
Profile
Navigate to Account from the sidebar to update your profile:
- Username - your display name across the panel
- Email - your login email (may require verification if changed)
- First Name / Last Name - optional name fields
- Avatar - upload a profile picture
Password
Change your password from the account page. Enter your current password and your new password (minimum 8 characters). All other active sessions remain valid after a password change.
Two-Factor Authentication
Enable 2FA from Account > Security for additional account protection.
TOTP (Authenticator App)
- Click Enable 2FA.
- Scan the QR code with an authenticator app (Google Authenticator, Authy, etc.).
- Enter the 6-digit code from the app to confirm.
- Save the backup codes displayed. These are one-time recovery codes in case you lose access to your authenticator.
Security Keys (WebAuthn / FIDO2)
- Navigate to Account > Security > Security Keys.
- Click Register Key.
- Follow your browser's prompt to authenticate with your security key (YubiKey, Windows Hello, Touch ID, etc.).
- Give the key a name for identification.
You can register multiple security keys. When logging in, you can use any registered key.
Disabling 2FA
To disable 2FA, navigate to Account > Security and click Disable 2FA. You will need to confirm with your current 2FA method.
OAuth / Linked Accounts
If OAuth providers are configured (see Settings), users can link external accounts from Account > Security:
- Link or unlink Google, Discord, GitHub, or Microsoft accounts
- Linked accounts allow you to log in with a single click
- Unlinking an account removes the SSO option but does not affect your panel account
API Tokens
License Required
API tokens require the API Access license add-on. Without this license, API token management will not be available.
Users can generate personal API tokens for automation, scripts, or third-party integrations.
- Navigate to Account > API Tokens.
- Click Create Token.
- Enter a description and select the permissions the token should have.
- Click Create. The token is displayed once - copy and save it securely.
Tokens use the format bp_ followed by a random string. They cannot be retrieved after creation.
To revoke a token, click Delete next to it in the token list. Revoked tokens stop working immediately.
SSH Keys
Manage SSH public keys for SFTP access to your servers.
- Navigate to Account > SSH Keys.
- Click Add Key.
- Paste your public key (e.g., the contents of
~/.ssh/id_rsa.pub). - Give the key a name.
When connecting via SFTP, you can authenticate using your SSH key instead of your panel password.
Sessions
View all active sessions from Account > Sessions:
- Browser and device information
- IP address
- Last activity time
Click Revoke to end any session. The device associated with that session will be logged out immediately.
Notification Preferences
Configure which notifications you receive from Account > Notification Preferences:
| Preference | Description |
|---|---|
| Server Alerts | Server status changes (started, stopped, crashed) |
| Billing Alerts | Payment and invoice notifications |
| Security Alerts | Login detections and account changes |
| System Announcements | Panel updates and system messages |
| Support Alerts | Ticket replies and updates |
| Email Notifications | Toggle email delivery on/off |
| Email Digest | Choose none, daily, or weekly digest |
Next Steps
- Server Management - managing your game servers
- Dashboard - your panel homepage