API Reference - Cerberus Anti-Cheat

Authentication

All API requests must include a valid API key in the Authorization header. Keys are scoped per game and can be managed in your partner dashboard.

API Key Format

Cerberus API keys follow the format crb_{env}_{24-char-token}. Live keys begin with crb_live_; sandbox keys with crb_test_.

crb_live_k9mR2xQpLvN7wBsT4hJcYd

# All requests require this header Authorization: Bearer crb_live_k9mR2xQpLvN7wBsT4hJcYd Content-Type: application/json X-Cerberus-Game: your-game-id

Never expose your crb_live_ key in client-side code or public repositories. Use sandbox keys during development. Rotate compromised keys immediately in the partner dashboard.

Status

Check system health and per-region API availability.

GET /v2/status System health & region availability ▼

Returns real-time health status for all Cerberus subsystems and regional API clusters. No authentication required.

Response 200

"status": "operational", "version": "v2.4.1", "regions": { "us-east": { "status": "operational", "latency_ms": 4 }, "eu-west": { "status": "operational", "latency_ms": 6 }, "ap-southeast": { "status": "operational", "latency_ms": 11 } }, "uptime_30d": 97.8

200 OK

Sessions

A session represents a single protected match or gameplay interval. The SDK calls these endpoints automatically — you only need the REST API if you manage sessions server-side.

POST /v2/sessions/start Begin a protected session ▼

Creates a new monitoring session for a player. Returns a session ID that must be passed to /sessions/end when the match concludes.

Body parameter	Type	Description
player_id required	string	Platform-specific player identifier (e.g. Steam64 ID, Xbox PUID).
match_id required	string	Your game's unique match or lobby identifier.
region optional	string	Server region for latency routing. One of: `us-east`, `eu-west`, `ap-southeast`. Defaults to nearest.
mode optional	string	Monitoring intensity: `standard` or `ranked`. Ranked enables 2x AI sampling rate.

Request

Response 201

{ "player_id": "steam_76561198087654321", "match_id": "match_4f9a2c81", "region": "us-east", "mode": "ranked" }

{ "session_id": "ses_c3f1a29b4d7e", "player_id": "steam_76561198087654321", "match_id": "match_4f9a2c81", "started_at": "2026-05-19T09:14:03Z", "region": "us-east", "mode": "ranked", "expires_at": "2026-05-19T11:14:03Z" }

201 Created

POST /v2/sessions/end Terminate session & get summary ▼

Ends an active session and returns a summary including scan count, flags raised, and final player status. Always call this when a match ends — orphaned sessions auto-expire after 2 hours.

Body parameter	Type	Description
session_id required	string	The session ID returned by `/sessions/start`.
match_outcome optional	string	Final match result for AI baseline calibration: `win`, `loss`, `draw`.

Request

Response 200

{ "session_id": "ses_c3f1a29b4d7e", "match_outcome": "win" }

{ "session_id": "ses_c3f1a29b4d7e", "player_id": "steam_76561198087654321", "duration_seconds": 2847, "started_at": "2026-05-19T09:14:03Z", "ended_at": "2026-05-19T09:61:30Z", "scans_completed": 1423, "flags_raised": 0, "player_status": "clean", "ai_confidence": 0.031 }

200 OK

Bans

Query, issue, and revoke bans. All ban records include a confidence score and the detection layer that triggered the ban. Bans with confidence ≥ 0.95 are issued automatically; lower scores go to manual review.

GET /v2/bans Paginated ban list ▼

Returns a paginated list of bans for your game, sorted by most recent first. Use query parameters to filter by player, reason, or date range.

Query parameter	Type	Description
page optional	integer	Page number, 1-indexed. Default: 1.
limit optional	integer	Results per page. Max: 100. Default: 20.
player_id optional	string	Filter by exact player ID.
reason optional	string	Filter by ban reason: `AIMBOT`, `DMA`, `INJECTION`, `WALLHACK`, `SPEED`.
since optional	ISO 8601	Only return bans after this timestamp.

Response 200

{ "bans": [ { "id": "ban_8f2a1b3c9d0e", "player_id": "steam_76561198012345678", "reason": "AIMBOT", "confidence": 0.994, "detection_head": "AI", "hardware_id": "hw_a1b2c3d4e5f6", "session_id": "ses_7a6b5c4d3e2f", "banned_at": "2026-05-19T08:32:01Z", "expires_at": null, "appeal_status": "none" } ], "total": 2847, "page": 1, "pages": 143, "limit": 20 }

200 OK

POST /v2/bans Issue a manual ban ▼

Manually issue a ban. This is for server-side enforcement (e.g., banning a player based on your own game reports). Cerberus records the ban, propagates it across regions, and fires the ban.created webhook.

Body parameter	Type	Description
player_id required	string	Player to ban.
reason required	string	Ban reason code.
note optional	string	Internal note visible to your team in the partner dashboard.
duration_hours optional	integer	Ban duration in hours. Omit for permanent.

Request

Response 201

{ "player_id": "steam_76561198099887766", "reason": "INJECTION", "note": "Caught via server-side report + replay review", "duration_hours": 720 }

{ "id": "ban_2e4f6a8b0c1d", "player_id": "steam_76561198099887766", "reason": "INJECTION", "source": "manual", "confidence": 1.0, "banned_at": "2026-05-19T09:22:48Z", "expires_at": "2026-06-18T09:22:48Z", "webhook_fired": true }

201 Created

DELETE /v2/bans/{ban_id} Revoke a ban ▼

Revokes an existing ban. Only manually issued bans and appealed auto-bans can be revoked via API. Revoking an auto-ban requires bans:revoke scope on your API key. Fires the ban.revoked webhook.

Response 200

{ "id": "ban_8f2a1b3c9d0e", "revoked": true, "revoked_at": "2026-05-19T10:05:22Z", "reason": "appeal_approved" }

200 OK

Detections

Raw detection events from all four Cerberus heads. Each detection includes a confidence score, the triggering head, and structured evidence metadata.

GET /v2/detections Recent detection events ▼

Returns recent detection events across all players in your game. Includes sub-ban-threshold flags (confidence < 0.95) that did not result in automatic bans. Use this to monitor your detection pipeline and tune alert thresholds.

Query parameter	Type	Description
limit optional	integer	Max results. Default: 50, Max: 200.
head optional	string	Filter by detection layer: `KERNEL`, `AI`, `HW`, `NET`.
min_confidence optional	float	Minimum confidence threshold (0.0–1.0). Default: 0.30.

Response 200

{ "detections": [ { "id": "det_f1e2d3c4b5a6", "player_id": "steam_76561198012345678", "session_id": "ses_7a6b5c4d3e2f", "head": "AI", "category": "AIMBOT", "confidence": 0.994, "resulted_in_ban": true, "ban_id": "ban_8f2a1b3c9d0e", "detected_at": "2026-05-19T08:31:58Z", "evidence": { "aim_correction_ms": 3.2, "headshot_rate": 0.94, "baseline_deviation": 4.71 } }, { "id": "det_a9b8c7d6e5f4", "player_id": "steam_76561198055443322", "session_id": "ses_1a2b3c4d5e6f", "head": "KERNEL", "category": "UNSIGNED_DRIVER", "confidence": 0.881, "resulted_in_ban": false, "ban_id": null, "detected_at": "2026-05-19T07:58:11Z", "evidence": { "driver_name": "mhyprot3.sys", "load_address": "0xfffff800`4a200000", "signed": false } } ], "total": 1204 }

200 OK

Webhooks

Register HTTPS endpoints to receive real-time event notifications. Cerberus signs every payload with HMAC-SHA256 using your webhook secret. Verify the X-Cerberus-Signature header on every delivery.

GET /v2/webhooks List registered webhooks ▼

Returns all webhook endpoints registered for your game.

Response 200

{ "webhooks": [ { "id": "wh_1a2b3c4d5e6f", "url": "https://your-game.com/cerberus/events", "events": ["ban.created", "ban.revoked", "flag.created"], "active": true, "created_at": "2026-03-12T14:00:00Z", "last_fired": "2026-05-19T08:32:01Z", "success_rate": 96.4 } ] }

200 OK

POST /v2/webhooks Register a webhook ▼

Registers a new webhook endpoint. Cerberus will immediately send a test ping to verify the URL is reachable. Store the returned signing_secret securely — it is only shown once.

Body parameter	Type	Description
url required	string	HTTPS endpoint URL. Must return 2xx within 5 seconds.
events required	string[]	Event types to subscribe to. Use `["*"]` for all events.
description optional	string	Internal label for this endpoint.

Request

Response 201

{ "url": "https://your-game.com/cerberus/events", "events": ["ban.created", "ban.revoked", "flag.created", "session.start"], "description": "Production event relay" }

{ "id": "wh_9f8e7d6c5b4a", "url": "https://your-game.com/cerberus/events", "events": ["ban.created", "ban.revoked", "flag.created", "session.start"], "signing_secret": "whsec_p4Kx9mR2nQvL7wBsT1hJcYdF3eG6zA8uE0i", "active": true, "created_at": "2026-05-19T09:30:00Z", "ping_status": "ok" }

201 Created

DELETE /v2/webhooks/{webhook_id} Remove a webhook ▼

Permanently removes a webhook endpoint. In-flight deliveries may still complete. No further events will be dispatched after deletion.

Response 200

{ "id": "wh_9f8e7d6c5b4a", "deleted": true }

200 OK

SDK Quickstart

The Cerberus SDK wraps the REST API for in-process use. It manages authentication, session lifecycle, and callbacks. The REST API is available for server-side integrations where the SDK cannot run.

Full SDK integration guide, C++ reference, Unreal Engine and Unity plugin documentation are available at cerberusac.dev/docs.

SDK vs REST API — when to use each

Scenario	Recommended
In-game session monitoring	SDK
Kernel & memory scanning	SDK (kernel driver required)
Querying bans from a web dashboard	REST API
Issuing manual bans from a game server	REST API
Webhook delivery to your backend	REST API