1.3 KiB
Netcup SCP API — Authentication
Netcup's Server Control Panel (SCP) uses Keycloak for authentication. Credentials live in /root/.hermes/.env as NETCUP_CUSTOMER, NETCUP_PASSWORD.
Token endpoint
POST https://servercontrolpanel.de/realms/scp/protocol/openid-connect/token
Content-Type: application/x-www-form-urlencoded
grant_type=password
client_id=scp
username=<customer-number>
password=<password>
Pitfalls
customer# prefix breaks auth
Wrong: username=customer%23389212 → {"error":"invalid_grant","error_description":"Invalid user credentials"}
Right: username=389212 — just the customer number, no prefix.
The memory stored the format as customer# + password which wasted ~10 minutes on Jul 10, 2026. The actual Keycloak username is just the numeric customer ID.
Different endpoints
The old SCP endpoint pattern (/scp-core/api/v1/auth/token) is deprecated. Use the Keycloak realm endpoint above.
Server listing
GET https://servercontrolpanel.de/scp-core/api/v1/servers
Authorization: Bearer <access_token>
Response is a JSON array of server objects with id, name, hostname, nickname, template.name.
Fields NOT in the response
The API does NOT return status, mainip, or creationdate. To get IP, query a specific server by ID.