A Node.js client library for 3x-ui panel API that provides easy-to-use methods for managing your 3x-ui server.
- β Authentication - Secure login with automatic session management and cookie handling
- β Security - Built-in input validation, secure headers, and rate limiting
- β Inbound Management - Get, add, update, and delete inbounds
- β Client Management - Add, update, delete clients and monitor traffic
- β Traffic Management - Monitor, reset, and manage traffic limits
- β System Operations - Backup creation and online client monitoring
- β Complete API Coverage - All 19 API routes fully tested and working
npm install 3xui-api-clientThis library can be implemented with the help of Context7 MCP. Use the package name 3xui-api-client to get context and documentation through Context7's Model Context Protocol integration.
Learn more about Context7 MCP for enhanced development experience.
const ThreeXUI = require('3xui-api-client');
const client = new ThreeXUI('https://your-3xui-server.com', 'username', 'password');
// Get all inbounds
client.getInbounds()
.then(inbounds => {
console.log('Inbounds:', inbounds);
})
.catch(error => {
console.error('Error:', error.message);
});Never hardcode your credentials in your code. Use environment variables to store sensitive information.
IMPORTANT NOTE: The
PANEL_URLshould be the root URL of your server WITHOUT the/panelsuffix.
- β Correct:
https://your-domain.com:2053orhttps://your-domain.com/secret-path- β Incorrect:
https://your-domain.com:2053/panelThe library automatically appends
/paneland other necessary paths. Including it in your configuration will cause 404 errors.
- Create a
.envfile in your project root:
PANEL_URL=http://your-server-ip:2053
PANEL_USERNAME=admin
PANEL_PASSWORD=your_secure_password- Install
dotenv:
npm install dotenv- Initialize the client:
require('dotenv').config();
const ThreeXUI = require('3xui-api-client');
const client = new ThreeXUI(
process.env.PANEL_URL,
process.env.PANEL_USERNAME,
process.env.PANEL_PASSWORD
);The client automatically handles authentication. When you make your first API call, it will:
- Login with your credentials
- Store the session cookie
- Use the cookie for subsequent requests
- Automatically re-login if the session expires
For production applications, store the session cookie securely on your server. The login() method returns the cookie for this purpose:
const ThreeXUI = require('3xui-api-client');
class SecureThreeXUIManager {
constructor(baseURL, username, password) {
this.client = new ThreeXUI(baseURL, username, password);
this.sessionCookie = null;
}
async ensureAuthenticated() {
if (!this.sessionCookie) {
const loginResult = await this.client.login();
// The cookie is returned in the login result
this.sessionCookie = loginResult.cookie;
// Store in secure session storage (Redis, database, etc.)
await this.storeSessionSecurely(this.sessionCookie);
} else {
// Restore from secure storage
this.client.cookie = this.sessionCookie;
this.client.api.defaults.headers.Cookie = this.sessionCookie;
}
}
async storeSessionSecurely(cookie) {
// Example: Store in Redis with expiration
// await redis.setex('3xui_session', 3600, cookie);
// Example: Store in database
// await db.sessions.upsert({ service: '3xui', cookie, expires_at: new Date(Date.now() + 3600000) });
}
async getInbounds() {
await this.ensureAuthenticated();
return this.client.getInbounds();
}
}The library includes several security enhancements:
- Input Validation: Validates URLs, usernames, and passwords to prevent injection attacks.
- Secure Headers: Automatically adds security headers to requests.
- Rate Limiting: Prevents abuse by limiting request rates (configurable).
- Error Sanitization: Hides sensitive details in production errors.
new ThreeXUI(baseURL, username, password)baseURL(string): Your 3x-ui server URL (e.g., 'https://your-server.com')username(string): Admin usernamepassword(string): Admin password
const inbounds = await client.getInbounds();
console.log(inbounds);const inbound = await client.getInbound(inboundId);
console.log(inbound);const inboundConfig = {
remark: "My VPN Server",
port: 443,
protocol: "vless",
settings: {
// Your inbound settings
}
};
const result = await client.addInbound(inboundConfig);
console.log('Inbound added:', result);const updatedConfig = {
remark: "Updated VPN Server",
// Other updated settings
};
const result = await client.updateInbound(inboundId, updatedConfig);
console.log('Inbound updated:', result);const result = await client.deleteInbound(inboundId);
console.log('Inbound deleted:', result);const clientConfig = {
id: inboundId,
settings: JSON.stringify({
clients: [{
id: "client-uuid-here",
email: "user23c5n7",
limitIp: 0,
totalGB: 0,
expiryTime: 0,
enable: true
}]
})
};
const result = await client.addClient(clientConfig);const updateConfig = {
id: inboundId,
settings: JSON.stringify({
clients: [/* updated client settings */]
})
};
const result = await client.updateClient(clientUUID, updateConfig);const result = await client.deleteClient(inboundId, clientUUID);const traffic = await client.getClientTrafficsByEmail("user23c5n7");
console.log('Client traffic:', traffic);const traffic = await client.getClientTrafficsById("client-uuid");
console.log('Client traffic:', traffic);// Get client IPs
const ips = await client.getClientIps("user23c5n7");
// Clear client IPs
const result = await client.clearClientIps("user23c5n7");const result = await client.resetClientTraffic(inboundId, "user23c5n7");const result = await client.resetAllTraffics();const result = await client.resetAllClientTraffics(inboundId);const result = await client.deleteDepletedClients(inboundId);const onlineClients = await client.getOnlineClients();
console.log('Currently online:', onlineClients);const result = await client.createBackup();
console.log('Backup created:', result);const tgResult = await client.backupToTgBot();
console.log('Backup sent to Telegram:', tgResult);const status = await client.getServerStatus();
console.log('Server status:', status);For comprehensive guides, examples, and implementation patterns, visit our Wiki:
- π Use Cases & Examples - VPN service provider, server administration, monitoring dashboards
- π Authentication Guide - Secure login and session management
- π Inbound Management - Server configuration and setup
- π₯ Client Management - User account operations
- π Traffic Management - Usage monitoring and billing
- βοΈ System Operations - Backup and maintenance
try {
const inbounds = await client.getInbounds();
console.log(inbounds);
} catch (error) {
if (error.message.includes('Login failed')) {
console.error('Authentication error:', error.message);
} else if (error.response?.status === 401) {
console.error('Unauthorized - check your credentials');
} else {
console.error('API error:', error.message);
}
}- Node.js >= 14.0.0
- 3x-ui panel with API access enabled
- Fork the repository
- Create your feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add some amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
# Run login test
npm run test:login
# Run all tests
npm testThis project is licensed under the MIT License - see the LICENSE file for details.
- π Wiki & Documentation
- π Report Issues
- π¬ Discussions
Helitha Guruge - @iamhelitha