Files

51 lines
2.0 KiB
Markdown

# netcup SCP REST API Authentication
The netcup Server Control Panel (SCP) REST API uses Keycloak (OIDC) password grant for authentication, NOT the CCP API key from Master Data.
## Auth Flow
```
TOKEN=$(curl -s "https://www.servercontrolpanel.de/realms/scp/protocol/openid-connect/token" \
-H "Content-Type: application/x-www-form-urlencoded" \
-d "grant_type=password&client_id=scp&username=${CUSTOMER_NUMBER}&password=${CCP_PASSWORD}&scope=openid" \
| python3 -c "import sys,json; print(json.load(sys.stdin)['access_token'])")
```
### Parameters
| Field | Value | Source |
|-------|-------|--------|
| grant_type | password | OIDC resource owner password flow |
| client_id | scp | Static SCP client ID |
| username | Customer number | e.g. 389212 from CCP Master Data page |
| password | CCP login password | Same as web login password |
| scope | openid | Returns access_token + id_token + refresh_token |
### Token properties
- Access token expires in 300 seconds (5 min)
- Refresh token expires in 1800 seconds (30 min)
- Always obtain a fresh token each collection cycle
## API Endpoints
Base: https://www.servercontrolpanel.de/scp-core/api/v1/
| Endpoint | Response |
|----------|----------|
| GET /servers | Array of servers with id, name, template, disabled, hostname |
| GET /servers/{id} | Full detail: IPv4, IPv6, architecture, disks, RAM |
## Known Working
- RS 2000 G12 — ID 890903, 152.53.192.33
- RS 4000 G12 — IDs 894147 (152.53.36.131), 894148 (152.53.39.202), 894149 (152.53.241.111)
- Template name format: "RS {1000|2000|4000} G12"
## Pitfalls
- /scp-core/api/ NOT /scp-ui/api/ — /scp-ui/ returns HTML even with valid auth
- www subdomain IS required — servercontrolpanel.de does NOT respond
- CCP API Key is NOT for SCP — they use different auth systems
- **Username is bare customer number, NOT `customer#<number>`.** Adding `customer#` prefix returns `invalid_grant` / `Invalid user credentials`. The Keycloak realm expects the bare numeric ID. This was discovered Jul 10, 2026 after multiple failed auth attempts.