Skip to content

Cobra Accounts

Cobra Accounts is a back-end solution that makes it easy to set up and manage user accounts. It has everything you need: a server part that talks to the internet, a Postgres database to keep all the user info, and client-side code to communicate with the API easily. It uses stateless JWT tokens for robust and secure authentication across various platforms.

It is designed to be very flexible and supports a broad range of platforms including Unity, WPF, MAUI, and even web browsers. Additionally, it can be integrated into other back-end services like online stores for user identification and purchase tracking. Basically it can be your central point of authentication and user identification.

It's made to be easy to plug into your projects and works great with Docker, which means setting it up is a breeze. The system is carefully designed to allow for flexible customization and you have full access to the source code. You can easily modify any aspect to suit your project's needs without the hassle of extensive code overhauls and testing.

Try It Online

Create an account and log in through the Swagger UI to start exploring some of the features.


  1. Create an Account: Choose to enable or disable 2FA according to your preference.
  2. Verify Your Email: Check your email for a verification code and confirm it.
  3. Log In: Use your username/email and password.
  4. 2FA (Optional): If 2FA is enabled, you'll receive a 2FA code by email. Use the login-2fa endpoint for logging in with this code.
  5. Access Account Endpoints: Explore account features available to you.

Note: Admin endpoints are restricted to administrators. While you can't interact with these in real-time, we encourage you to review the full feature list for a comprehensive understanding of what Cobra Accounts offers.

The client-side code includes C# methods corresponding to each of the listed endpoints, enabling you to easily invoke these endpoints by simply calling a method.

Key Features

  • Email Verification: Enhances security by mandating that new users confirm their email addresses. Immediately after signing up, an email is dispatched to the user, featuring a verification link embedded with a distinct code. Clicking on this link verifies the legitimacy of their email.
  • Rate Limiting: Incorporates rate limiting as a proactive measure to shield against DDoS (Distributed Denial of Service) attacks, maintaining server reliability and uptime. This mechanism tracks the volume of requests made by each IP address over a defined time period, effectively mitigating excessive traffic that could overload the server.
  • JWT Authentication: Utilizes JSON Web Tokens (JWT) for secure user authentication. This method embeds crucial user information, such as usernames and emails, within the token itself. This enhances security by simplifying the credential validation process. For instance, when a player logs into your game server using a JWT, their token can be authenticated to retrieve their username or email. As a result, players don't need to provide their email and password each time; they simply send the token, from which you decode and extract all the necessary information.
  • Token Auto-refresh: Offers an optional feature for the automatic renewal of authentication tokens on the client side, enhancing user convenience. Each token has a predefined validity period, expressed in minutes. This auto-refresh process can be automated so that you don't have to explicitly call the refresh endpoint, it will be done in automatically in the background until you wamt the user to be logged out.
  • Administrative Endpoints: Equips administrators with tools to manage user accounts. These tools enable a range of actions, from obtaining detailed user profiles to implementing user deletions, assigning specific roles, or adding custom data to user accounts.
  • Flexible Custom Data Integration: Directly integrate custom C# classes into user accounts with the database through straightforward Read<T> and Write<T> methods. This approach enables the addition of custom data fields without requiring changes to the database schema, providing seamless extension capabilities.
  • User Role Assignment: Enables the assignment of specific roles to users, such as access privileges for purchased games, or admin roles.
  • Automated Data Backup: Features an automatic database backup system designed to protect against data loss and preserve data integrity.
  • Two-Factor Authentication (2FA): Enhances account security by introducing an optional two-factor authentication layer. This feature requires users to enter a secondary code, in addition to their password upon login.
  • Enhanced Secure Cookies: Utilizes secure, server-side cookies to manage user sessions following login, facilitating smooth integration of the account service with both websites and web applications.
  • Customizable Email Templates: Includes a range of customizable email templates for various user interactions such as registration and password changes.
  • Password Recovery: Features a built-in password recovery system that supports customizable HTML content, aiding users in regaining access to their accounts if they forget their password.
  • Flexible User Identification: Enables user identification through either email or username, no need to check if the user ID is a username or email, it is handled automatically.
  • Entity Framework: Utilizes the widely adopted Entity Framework to facilitate efficient and streamlined data management, enhancing the application's overall data handling capabilities.
  • Comprehensive Validation: Ensures rigorous validation of usernames, emails, and passwords on both the server and client side, customizable to fit specific needs.
  • Swagger API Documentation: Comes with comprehensive Swagger OpenAPI documentation, facilitating easy API navigation and exploration.
  • Docker Integration: Specifically designed for Docker to streamline the deployment process, complete with straightforward instructions.
  • HTTPS Configuration: Includes guidelines for setting up encrypted communications, enhancing data transmission security.
  • Custom Domain Setup: Provides instructions for implementing your own custom web domain.
  • Highly Customizable Codebase: Features a well-organized and easily adaptable code structure to meet various development needs.
  • Framework Agnostic C# Implementation: Designed with independence from Unity, all core components are developed in C# and are free of Unity-specific dependencies. This ensures compatibility with any .NET Standard 2.1 or higher environment, allowing for broad application beyond Unity projects.

Cobra Accounts offers a powerful, secure, and flexible user account management platform suitable not just for Unity but for any application and even for websites. It is compatible across all Unity platforms that support web requests, including PC, Android/iOS, Linux, WebGL, and more.