# Netcup SCP API — Authentication Netcup's Server Control Panel (SCP) uses Keycloak for authentication. Credentials live in `/root/.hermes/.env` as `NETCUP_CUSTOMER`, `NETCUP_PASSWORD`. ## Token endpoint ``` POST https://servercontrolpanel.de/realms/scp/protocol/openid-connect/token Content-Type: application/x-www-form-urlencoded grant_type=password client_id=scp username= password= ``` ## Pitfalls ### `customer#` prefix breaks auth **Wrong:** `username=customer%23389212` → `{"error":"invalid_grant","error_description":"Invalid user credentials"}` **Right:** `username=389212` — just the customer number, no prefix. The memory stored the format as `customer# + password` which wasted ~10 minutes on Jul 10, 2026. The actual Keycloak username is just the numeric customer ID. ### Different endpoints The old SCP endpoint pattern (`/scp-core/api/v1/auth/token`) is deprecated. Use the Keycloak realm endpoint above. ## Server listing ``` GET https://servercontrolpanel.de/scp-core/api/v1/servers Authorization: Bearer ``` Response is a JSON array of server objects with `id`, `name`, `hostname`, `nickname`, `template.name`. ## Fields NOT in the response The API does NOT return `status`, `mainip`, or `creationdate`. To get IP, query a specific server by ID.