Securing Access
Logging In
You can access your server on WinterNode using the Game Control Panel.
Once you have created your server, you will receive an email to create an account (check your Spam folder, if it’s not in your inbox).
It will generate a username and will use your email from the Client Area account.
In the email, you will have a button that will give you a form to set up your password for Game Control Panel account.
In the Game Control Panel sign in page, fill in your credentials and press Sign In
.
Alternatively, you can use your Client Area account to login into Game Control Panel by providing Client Area account credentials and pressing Sign In with SSO
.
If you're being asked for a 2FA code, this is because your account has 2FA (Two-factor authentication) enabled, this requires a second step where you need to import the 6-digit code given by the Authentication app you set up on your account.
If you lost the app or don't have the code, you can insert the backup 2FA code, otherwise, open a Client Area Ticket to try to resolve your problem.
Game Panel 2-FA
2-Factor Authentication is an extra step added to logging into an account that helps prevent unauthorized access. When you log into your account you’ll be prompted to provide a token provided by an Authenticator application that’s cryptographically generated from a private code only shared between WinterNode and the Authenticator application. As long as you don’t share those tokens or that code and a third party doesn’t have physical access to the device that you’re using for your Authenticator application. This is a nearly foolproof method of authenticating. For redundancy sakes, you can even save the original token in a password manager or other safe location, in case you lose your device or have multiple devices set up with an Authenticator application ready to go.
It’s highly recommended to use 2FA as a security measure. It is the most secure way to prevent your accounts, and by extension your servers, from getting hacked.
You can find the 2FA setting under the security controls tab on your home page in the Game Panel. Once there you’ll find a box labeled 2-Factor Authentication with a button inside labeled Enable 2-Factor Authentication. Click that button to get your Authentication code and QR code.
After clicking the 2-Factor Authentication button, you’ll be shown a window similar to the one below containing a QR code and a long alphanumeric code next to it. You can scan the QR code using an app like Google Authenticator or Authy or you can enter the code manually into either of the two apps. You can also click the alphanumeric code to copy it into your clipboard.
Make sure to save the alphanumeric code or QR code somewhere in a secure format. Good ways are in a private password manager or encrypted flash drive!
There are a lot of Authenticator apps with many different features, so you might want to try a few out or look at what’s provided by your phone already. If you save the code above then you’ll have no problem switching Authenticator apps!
Getting an API Key
An API Key can be used to interact with the Game Panel API and automate most of the tasks you're able to do manually using the Game Control Panel (GCP). Every request you send to the API will need to be authorized using an API key, most often the same API Key for one project.
You can find the list of your current API Keys on the Security Controls
tab of the GCP Home Page, as shown in the image to the right. After opening the tab you should be navigated to a page similar to the one shown below.
After you've navigated to the Security Controls page and located the credentials list shown in the image to the left, you can find the Create
button in the top right of the Credentials List. This will open a modal similar to the one shown below where you can enter a Memo
, or note, for the API key so that you know what it's for, and a line separated list of IPs you'd like to limit the API Key to, if any.
After creating an API Key using the Modal, it will be added to the Credentials List and you'll receive a notification at the top of the page that a new API Key has been generated. The API Key Entry will contain the Key, the Memo you provided, the last time it was used, and when it was created. At the far right of the key will be a Delete
button allowing you to revoke or delete existing API keys.
You can view the API Key itself by clicking on the spoiler text under the KEY
column and then you can copy it by clicking on the revealed key.