# netcup API — Working Auth + Endpoint ## Auth Flow (Keycloak OIDC Password Grant) The SCP REST API uses Keycloak at `servercontrolpanel.de`, NOT the CCP API key from Master Data. ```bash TOKEN=$(curl -s "https://www.servercontrolpanel.de/realms/scp/protocol/openid-connect/token" \ -H "Content-Type: application/x-www-form-urlencoded" \ -d "grant_type=password&client_id=scp&username=&password=") ``` - **Token URL:** `https://www.servercontrolpanel.de/realms/scp/protocol/openid-connect/token` - **Client ID:** `scp` - **Grant type:** `password` - **Username:** Customer number (e.g. `389212`) - **Password:** CCP login password (same as web login) - **Token type:** Bearer JWT (returns `access_token`, `refresh_token`, `expires_in`) ## API Base URL `https://www.servercontrolpanel.de/scp-core/api/v1/` ## Verified Endpoints | Endpoint | Method | Response | |----------|--------|----------| | `/servers` | GET | Array of server objects with id, hostname, ip, template, status | | `/servers/{id}` | GET | Single server detail (RAM, disk, CPU info) | ## Credentials Storage Stored in `/root/.hermes/.env`: ``` NETCUP_CUSTOMER=389212 NETCUP_PASSWORD= ``` ## Keep-alive Token expires — re-authenticate before each API call: ```bash # 1. Get fresh token # 2. Use it immediately curl -s -H "Authorization: Bearer $TOKEN" "https://www.servercontrolpanel.de/scp-core/api/v1/servers" ```