Overview
The Free Fire Account UID Validation API is designed to provide your application with a rock-solid, real-time mechanism for verifying the existence and basic metadata of any Free Fire player across Garena’s global server network. Whether you are building tournament registration forms, community leaderboards, reward distribution systems, or any workflow where you need to ensure that a user-submitted identifier corresponds to a legitimate in-game account, this API delivers the necessary checks in a matter of milliseconds. Under the hood, every call goes through a highly optimized, caching-enabled proxy that minimizes calls to the upstream Garena endpoints, ensuring low latency and high reliability even under sustained load.
Highlights:
- Instant Verification: Returns a boolean
validflag along with friendly messages for both success and failure cases. - Detailed Profile Data: When a UID is valid, additional fields such as
AccountName,AccountRegion, andAccountLevelare provided to give immediate context to the validated user. - Universal Integration: Offers both
GETandPOSTinterfaces so you can implement your checks in URL-driven scripts, server-side functions, or complex multi-step workflows. - Scalable Infrastructure: Hosted on Vercel with global edge caching plus Secure authentication and daily quota enforcement—ideal for projects of any size or region.
// Quick JavaScript example using fetch:
fetch(
"https://developers2-hlgamingofficial.vercel.app/main/games/freefire/validation/api" +
"?sectionName=freefireValidation" +
"&useruid=YOUR_DEV_UID" +
"&api=YOUR_API_KEY" +
"&uid=12345678" +
"®ion=SG"
)
.then(response => response.json())
.then(data => console.log("Validation Result:", data))
.catch(err => console.error("Error calling API:", err));
Authentication
All requests to the FreeFire UID Validation API require two mandatory authentication credentials:
useruid— your unique HL Gaming Official Developer UID, used to identify your account.api— your secret API key, used to authenticate and authorize each request.
Both values are validated on every request. If either is missing, invalid, or mismatched, the server will respond with:
HTTP/1.1 403 Unauthorized
{
"error": "Authentication failed: invalid or missing credentials."
}
api key like a password:
- Never embed it in public repositories or client-side JavaScript.
- Rotate keys periodically and immediately revoke compromised ones.
- Use environment variables or a secure secrets manager to store it.
Including Credentials in Requests
Credentials can be sent via URL parameters (GET) or in the JSON body (POST):
// GET request example
?sectionName=freefireValidation&useruid=dev123UID&api=abcDEFkey123&uid=12345678®ion=SG
// POST request example
{
"sectionName": "freefireValidation",
"useruid": "dev123UID",
"api": "abcDEFkey123",
"uid": "12345678",
"region": "SG"
}
Best Practice: Use POST in production to keep credentials out of browser history and proxy logs.
Obtaining Your Credentials
Before making API calls, you must obtain your personal authentication credentials:
- Developer UID (
useruid) — uniquely identifies your developer account. - API Key (
api) — secret string for request authentication.
Retrieve both from the official developer portal:
https://www.hlgamingofficial.com/p/api.html
- Sign in with your registered developer account.
- Navigate to the API Credentials section.
- Copy your Developer UID into the
useruidparameter. - Copy your API Key into the
apiparameter.
Rate Limits & Plans
Each developer account is assigned a daily quota of validation checks, which resets exactly 24 hours after your first successful call of the previous cycle.
Monitoring your usage.remainingToday field on each response helps you gracefully handle near-quota or quota-exceeded conditions.
If you require higher throughput—such as for large-scale tournaments or analytics workflows—consider upgrading your plan to remove or extend these quotas.
| Plan | Requests / Month | Price | Key Features |
|---|---|---|---|
| Free | 750 | $0 |
• Basic access • Lifetime limited quota • Community support |
| Trial | 3,000 | $0 (5-day trial) |
• Trial access for 5 days • Limited support • Test premium endpoints |
| Essential | 5,000 | $18.99 / mo |
• Priority email support • Basic analytics dashboard • Access to upcoming beta endpoints |
| Starter Popular | 6,000 | $19.99 / mo |
• Priority support • More API endpoints • Full analytics dashboard |
| Basic | 15,000 | $39.99 / mo |
• Enhanced performance • Detailed request logs • Developer resources |
| DevPlus (Quarterly) | 15,000 | $60.99 / 3 mo |
• High-performance API tier • Detailed usage logs • Priority support • Beta feature access |
| Pro | 60,000 | $109.99 / mo |
• Premium support • Advanced analytics • Custom integrations |
| Premium | 150,000 | $259.99 / mo |
• Dedicated account manager • Extended metrics • API usage insights |
| Unlimited | Unlimited | $500 / mo |
• All features unlocked • Enterprise-grade support • Unlimited requests |
Developer Tip: Implement local caching (for example, store valid uid+region pairs for 5–10 minutes) to reduce repetitive calls and improve end-user experience under high concurrency.
Endpoint URL
This is the base URL for the FreeFire Validation API. Append the required query parameters when using the GET method, or send them in the JSON body for POST requests.
Both HTTP methods are fully supported to provide flexibility for different integration styles.
https://developers2-hlgamingofficial.vercel.app/main/games/freefire/validation/api
?sectionName=freefireValidation
&useruid={YOUR_DEV_UID}
&api={YOUR_API_KEY}
&uid={FREEFIRE_UID}
®ion={REGION_CODE}
Tip: Use POST for production to keep sensitive data (like API keys) out of logs and browser history.
Supported Free Fire Regions
The region parameter must match one of the following case-sensitive region codes.
Requests with unsupported codes will return 400 Bad Request.
| Region Code | Region Name |
|---|---|
| IND | India |
| EU | Europe |
| NP | Nepal |
| BD | Bangladesh |
| SG | Singapore (SEA) |
| ME | Middle East (MENA) |
| TH | Thailand |
| VN | Vietnam |
| ID | Indonesia |
| TW | Taiwan |
| RU | Russia |
| PK | Pakistan |
| US | North America |
Note: Region codes are validated server-side. Any typo or lowercase usage will be rejected.
Parameters
The following parameters are mandatory for every request. Missing or invalid parameters will result in error responses.
| Parameter | Required | Type | Description |
|---|---|---|---|
sectionName |
Yes | string | Must be exactly freefireValidation (case-sensitive) to route the request to this validation service. |
useruid |
Yes | string | Your developer UID issued by HL Gaming Official. Used for identifying your account. |
api |
Yes | string | Your confidential API key for authentication. Keep this secure and never expose it in public code. |
uid |
Yes | string | The Free Fire account UID to validate. Usually numeric but may contain other characters depending on account type. |
region |
Yes | string | Two- or three-letter region code (see Supported Regions). Must match exactly, case-sensitive. |
- All parameters are case-sensitive.
- Invalid or missing values trigger
400 Bad Request. - Do not include extra, undocumented parameters — they will be ignored.
Request Examples
This section demonstrates how to call the FreeFire Validation API using both GET and POST methods.
The GET method is quick and easy for testing, while POST is more secure for production use.
Every request must include the required parameters: sectionName, useruid, api, uid, and region.
GET Example
// GET request with query parameters curl "https://developers2-hlgamingofficial.vercel.app/main/games/freefire/validation/api\ ?sectionName=freefireValidation\ &useruid=dev123UID\ &api=abcDEFkey123\ &uid=12345678\ ®ion=SG"
sectionName— Always set tofreefireValidationfor this endpoint.useruid— Your unique developer identifier from the dashboard.api— Your API key; keep this secure.uid— The FreeFire player UID to validate.region— The region code (e.g.,SGfor Singapore).
Tip: GET is best for quick manual tests, but avoid using it for sensitive production data as URLs may be logged.
POST Example
// POST request with JSON body
curl -X POST https://developers2-hlgamingofficial.vercel.app/main/games/freefire/validation/api \
-H "Content-Type: application/json" \
-d '{
"sectionName": "freefireValidation",
"useruid": "dev123UID",
"api": "abcDEFkey123",
"uid": "12345678",
"region": "SG"
}'
Recommended: Use POST in production to send sensitive data in the request body rather than in the URL.
Response Schema
The API always responds in JSON format. The structure is predictable and contains three top-level keys: source, result, and usage.
{
"source": "FreeFire Validation", // Identifies the API service
"result": {
"uid": string, // UID you requested to validate
"region": string, // Region code for the player
"valid": boolean, // true if UID exists, false otherwise
"message": string, // Human-readable status message
"details"?: string, // More context if valid==true
"AccountName"?: string, // Player's display name
"AccountRegion"?: string, // Region name for the account
"AccountLevel"?: number // Player's level
},
"usage": {
"usedToday": number, // API calls made in current cycle
"dailyLimit": number, // Max calls allowed in current plan
"remainingToday": number // Remaining calls for current cycle
}
}
Field Explanations
- source — Always returns
FreeFire Validationto identify the endpoint. - result.uid — The exact UID you sent in the request.
- result.region — Two-letter region code (e.g., SG, BR, IN).
- result.valid — Boolean flag for whether the UID exists.
- result.message — A human-readable explanation of the result.
- result.details — Extra information when valid is true, often including account name and level.
- result.AccountName, result.AccountRegion, result.AccountLevel — Only returned when
validis true. - usage.usedToday — The number of calls you have made today.
- usage.dailyLimit — Your current plan’s daily quota.
- usage.remainingToday — Calls you can still make today.
Note: Always check for optional fields (?) before accessing them to avoid null errors in your application.
Example Responses
These examples show common scenarios when calling the API. The usage object helps you monitor your quota in real-time.
Valid UID
{
"source": "FreeFire Validation",
"result": {
"uid": "12345678",
"region": "SG",
"valid": true,
"message": "UID is valid.",
"details": "User 'FB:ㅤ@GMRemyX' exists in region 'SG' and is at level 67.",
"AccountName": "FB:ㅤ@GMRemyX",
"AccountRegion": "SG",
"AccountLevel": 67
},
"usage": {
"usedToday": 2,
"dailyLimit": 999,
"remainingToday": 997
}
}
This confirms the UID exists. You can safely use the returned account details in your application.
Invalid UID
{
"source": "FreeFire Validation",
"result": {
"uid": "123745678",
"region": "SG",
"valid": false,
"message": "The UID you entered is not valid."
},
"usage": {
"usedToday": 5,
"dailyLimit": 999,
"remainingToday": 994
}
}
The UID does not exist. Use this case to show an error message or prompt the user to re-enter their UID.
Error Responses & Developer Guidance
Our API is designed for high reliability, but in the event of an issue, we provide precise, developer-friendly error responses. Each error includes a clear message so you can debug quickly and get your integration back online without guesswork.
We also maintain 99.9% uptime and offer real-time monitoring on our Status Dashboard. Every error is intentional, well-documented, and actionable — ensuring your development process remains smooth and predictable.
400 Bad Request
{ "error": "Missing required parameters." }
Returned when any of sectionName, useruid, api, uid, or region
is absent, empty, or malformed.
How to resolve: Double-check your request body or query parameters. Refer to the
API Parameters section for required fields and accepted formats.
403 Forbidden
{ "error": "Unauthorized." }
This means your useruid or api key is invalid or revoked.
How to resolve: Verify your credentials in the
HL Gaming Official dashboard
and ensure you are using the latest active API key.
404 Not Found
{ "error": "User not found." }
No matching database record exists for your useruid.
How to resolve: Ensure you are sending the correct UID exactly as it appears in your developer account.
429 Too Many Requests
{ "error": "Quota exceeded." }
Your monthly quota has been reached. All further calls will be temporarily blocked.
How to resolve: Upgrade your plan in the
Pricing & Plans section or wait until your quota resets at the start of the next billing cycle.
502 Bad Gateway
{ "error": "FreeFire Validation unavailable." }
The upstream Garena service is temporarily unreachable or returned an unexpected status.
How to resolve: Retry after 10–30 seconds. Our system automatically retries failed upstream calls for you.
500 Internal Server Error
{ "error": "Internal server error." }
A general server-side error occurred on our end.
How to resolve: No action is required — retry the request after a short delay.
If the issue persists, contact our 24/7 support team for immediate assistance.
💡 Pro tip: Implement try/catch logic and exponential backoff in your client code for a
truly production-ready integration. See our Best Practices Guide for examples.
Best Practices for Optimal API Performance
To get the most reliable, cost-efficient, and high-performance integration, we recommend following these proven best practices. They’re based on real-world usage patterns from our top customers, ensuring your application remains fast, stable, and scalable.
- Client-Side Caching: Cache positive validation results for 5–10 minutes. This prevents unnecessary duplicate requests, reduces API latency, and helps you stay within your monthly quota. Tip: Store cache in-memory for real-time apps, or use a short-lived local/session storage for browser clients.
-
Pre-Validation Checks:
Validate input before sending it to the API.
Ensure
uidmatches your expected format (e.g., numeric) andregionis from our Supported Regions list. This prevents unnecessary failed calls and improves your success rate. -
Graceful Error Handling:
Design your client to handle temporary issues without breaking the user experience.
• Retry
502and500errors after a short delay (e.g., exponential backoff). • For429quota errors, notify the user politely and offer alternatives (e.g., wait until reset, or upgrade plan). This ensures smooth operation even under heavy load. - Monitor & Log: Log all API requests and responses (excluding sensitive data) for debugging and analytics. Use these logs to detect unusual patterns, track API performance, and forecast quota needs.
- Secure Your API Key: Never expose your API key in public repositories or client-side code. Always use a secure backend to make requests, and rotate keys periodically to maintain security compliance.
💡 Pro tip: Implementing these practices not only improves performance but can cut API costs by up to 40%, while delivering a seamless experience to your users. Our Developer Guides have copy-paste ready code snippets for each best practice.(Coming Soon)
Security Recommendations
- Always use
HTTPSto encrypt your credentials in transit. - Store
useruidandapisecurely on your server—never expose them in front-end code. - Rotate your API key every 90 days and immediately revoke any compromised key to minimize risk.
- Restrict outbound network calls from your servers to only the required API domains.
Logging & Analytics
All requests and responses—including timestamps, parameters, and status codes—are logged via Our Database for audit trails. Integrate these logs with your APM or analytics platforms (e.g., Datadog, New Relic) to monitor end-to-end latency, error rates, and usage patterns over time.
FAQ
Q: What if a UID is valid but region is wrong?
A: The API will return valid:false. Always use the exact region code where the account is registered.
Q: How quickly does the quota reset?
A: Exactly 24 hours after your first successful call of the prior cycle. Check usage.remainingToday for real-time quota info.
Changelog
- v4.0.0 — Official launch of Free Fire UID Validation API with real-time existence checks and profile metadata.
Support & Tester
For live API testing, interactive documentation, and dedicated developer support, please visit: HL Gaming Official Support Portal.
Free Fire UID Validation – API Tester
Verify any Free Fire account by entering your HL GAMING credentials and the target UID & region.
Waiting for input...
Contact: Developers | Support
