Description
The REST API of tshock allows for increased functionality and interaction with the server through web-based commands.
The API works through what are called "end points" which are basically commands that are send to the server through a URL.
Note:
While most of this information is accurate (setting it up, acquiring a token), this documentation is quite old, and more endpoints have been added or changed. Please visit us in Slack if you require more assistance with the API.
Technical Information:
All responses by the API are JSON encoded.
Setting it all up
To use the API first it must be enabled. You can enable it through the config.json file that is created by the tshock server.
To enable the REST API find the following lines in the config.json file:
"RestApiEnabled": false,
"RestApiPort": 7878,
Change the "false" to "true" and restart the server.
Next you will have to create a token. A token is a unique string that identifies you to the server. To create a token visit the
following URL in your web-browser or, if you are a developer, get your program to access it:
http://IP-ADDRESS-OF-SERVER:RESTAPI-PORT/v2/token/create?username={username}&password={password}
If you ever need to destroy a token then you would use
http://IP-ADDRESS-OF-SERVER:RESTAPI-PORT/token/destroy/{token}?token={token}
It's important to note that REST tokens generated in this fashion will not be persisted across sessions.
If you want REST tokens that are usable across sessions (i.e., after server restarts), you can create Application REST Tokens in the TShock config.json file.
Note:
Your Application REST Token's name should be hard to guess!
Anyone who knows the token name can use it.Restrict the permissions on the usergroup you assign to the user you use for your tokens in order to avoid security breaches!
"ApplicationRestTokens": {
"This_Is_Your_Token_Name_And_Should_Be_Hard_To_Guess": {
"Username": "This should be an existing username",
"UserGroupName": "This should be the group belonging to the user"
},
"REST_BAN_MANAGER_TOKEN_61238": {
"Username": "REST_Banner",
"UserGroupName": "REST_Ban_Group"
}
}
Usage
End-points are fairly self-explanatory however a few things that may not be: When using the REST API the token
that you created in "setting it all up" must be appended as a parameter in about 90% of the end-points (these
will be shown in the references at the bottom of the page).
The API is used in the following manner:
http://IP-ADDRESS-OF-SERVER:RESTAPI-PORT/endpoint?token={token}
in other words, if you wanted to get a list of all the players that are currently on the server then you would
use it as such:
http://127.0.0.1:7878/lists/players?token={token}
or say you needed to add extra parameters to the call? This would be accomplished in the following method:
http://127.0.0.1:7878/v2/players/read?player=someplayer&token={token}
As you can see all parameters are simply separated by an ampersand (the & symbol).
End Points
Status codes
Status Code | Meaning |
---|---|
HTTP 200 | The command succeed and the return may also include a "response" message. |
HTTP 400 | There was an error and the return will include an error message providing additional information about the failure. |
HTTP 401 | A secure endpoint (which requires an authenticated token) was used without supplying an authenticated token. |
HTTP 403 | Returned solely by the token creation endpoint, this value indicates that the supplied credentials are invalid. |
HTTP 404 | The endpoint does not exist. |
Server Commands
/status
Description: Prints out a basic information about the servers status
Parameters: N/A
Returns:
name - Server name
port - Port the server is running on
playercount - Number of players currently online
players - Player names separated by a comma
/tokentest
Description: Tests the token to see if it is valid
Parameters:
token - The token to be tested
Returns:
response - A response message
/v2/token/create
Description: Creates an authenticated token for use with other endpoints
Parameters:
username - User with which to authenticate the token
password - User's password
%20 and + can be used to replace whitespace in usernames and passwords.
Returns:
HTTP 200 if the authentication succeeds
HTTP 403 if the authentication fails
response - Error message if the authentication failed, else an authenticated token.
200 response:
https://ip:port/v2/token/create?username=example&password=example
{
"status": "200",
"response": "Successful login",
"token": "F7FCC991A229448AE73C6179DFD4815E73AD69BA44FA2A0063FCD6286BBCDAB4"
}
403 response:
https://ip:port/v2/token/create?username=example&password=example
{
"status": "403",
"error": "Username or password may be incorrect or this account may not have sufficient privileges."
}
/v2/server/broadcast
Description: Performs a server broadcast to all players on the server
Parameters:
token - A valid token
msg - The message to broadcast
Returns:
response - A response message
/v2/server/off
Description: Shuts down the server
Parameters:
token - A valid token
confirm - A bool value confirming whether or not to shut down the server
nosave - A bool value indicating whether or not to save the world before shutting down the server
Returns:
response - A response message
/v2/server/status
Description: Prints out details about the status of the currently running server
Parameters:
players - A bool value indicating if the status response should include player information
rules - A bool value indicating if the status response should include rule information
- values indicating player columns which players must match to be returned if player output is enabled
Returns:
name - Server name
port - Port the server is running on
playercount - Number of players currently online
maxplayers - The maximum number of players the server support
world - The name of the currently running world
players - (optional) an array of players including the following information: nickname, username, ip, group, active, state, team
rules - (optional) an array of server rules which are name value pairs e.g. AutoSave, DisableBuild etc
/v2/server/rawcmd
Description: Issues a raw command on the server just as if you typed it into the console.
Parameters:
token - A valid token
cmd - The command to execute on the server
Returns:
response - The response from the executed command
User Commands
/v2/users/activelist
Description: Returns a list of currently active users on the server
Parameters:
token - A valid token
Returns:
activeusers - List of active users separated by a tab character
/v2/users/read
Description: Returns information about a specified user
Parameters:
token - A valid token
type - (defaults to name) name, id or ip indicating what the "user" parameter refers to
user - The name, ip or id of a currently registered user
Returns:
group - The group the user belong's to
id - The user's ID
name - The name of the user
ip - The ip of the user
/v2/users/create
Description: Creates a user in the database
Parameters:
token - A valid token
type - (defaults to name) name, id or ip indicating what the "user" parameter refers to
user - The name of the user to register
password - The password you wish to assign to the user
group - The group you wish to assign to the user
ip - The ip you wish to assign to the user
Returns:
response - A response message
/v2/users/destroy
Description: Deletes a user from the database
Parameters:
token - A valid token
type - (defaults to name) name, id or ip indicating what the "user" parameter refers to
user - The name, ip or id of a currently registered user
Returns:
response - A response message
/v2/users/update
Description: Edits the settings of a user
Parameters:
token - A valid token
type - (defaults to name) name, id or ip indicating what the "user" parameter refers to
user - The name, ip or id of a currently registered user
password - The new password you wish to assign to that user (optional)
group - The new group you wish to assign to that user (optional)
Returns:
response - A response message
Ban Commands
/bans/create
Description: Bans a player from the server
Parameters:
token - A valid token
ip - The IP address of the user being banned (optional)
name - The username of the user being banned (optional)
reason - The reason for banning the user (optional)
Returns:
response - A response message
/v2/bans/read
Description: Displays information on a ban
Parameters:
token - A valid token
type - either "user" or "ip" depending
user - Either the username or the IP address
Returns:
name - The username of the player
ip - The IP address of the player
reason - The reason the player was banned
/v2/bans/destroy
Description: Removes a player/IP from the ban list
Parameters:
token - A valid token
ban- Either the username or the IP address
type - either "user" or "ip" depending
Returns:
response - A response message
/v2/bans/list
Description: Prints out all banned players currently in the database
Parameters:
token - A valid token
Returns:
bans - A array of all the currently banned players including: name, ip & reason
Player Commands
/v2/players/list
Description: Prints out all players that are currently on the server.
Parameters:
token - A valid token
Returns:
players - A list of all current players on the server, separated by a comma.
/v2/players/read
Description: Prints out detailed information about a player
Parameters:
token - A valid token
player - An active player's nickname
Returns:
nickname - The player's nickname
username - The player's username (if they are registered)
ip - The player's IP address
group - The group that the player belong's to
position - The player's current position on the map
inventory - A list of all items in the player's inventory
buffs - A list of all buffs that are currently affecting the player
/v2/players/kick
Description: Kicks a player from the server
Parameters:
token - A valid token
player - A current player's nickname
reason - The reason for kicking the player (optional)
Returns:
response - A response message
/v2/players/ban
Description: Bans a player from the server
Parameters:
token - A valid token
player - A current player's nickname
reason - The reason for banning the player (optional)
Returns:
response - A response message
/v2/players/kill
Description: Kills a player on the server
Parameters:
token - A valid token
player - A current player's nickname
Returns:
response - A response message
/v2/players/mute
Description: Mutes a player on the server
Parameters:
token - A valid token
player - A current player's nickname
reason - The reason for muting the player (optional)
Returns:
response - A response message
/v2/players/unmute
Description: Unmutes a player on the server
Parameters:
token - A valid token
player - A current player's nickname
reason - The reason for un-muting the player (optional)
Returns:
response - A response message
World Commands
/world/read
Description: Prints out a lot of information about the world being run on the server.
Parameters:
token - A valid token
Returns:
name - The world name
size - The dimensions of the world
time - The current time in the world
daytime - Bool value indicating whether it is daytime or not
bloodmoon - Bool value indicating whether there is a blood moon or not
invasionsize - The current invasion size
/world/meteor
Description: Spawns a meteor in the world
Parameters:
token - A valid token
Returns:
response - A response message
/world/bloodmoon/{bool}
Description: Turns blood moon on or off
Parameters:
token - A valid token
Returns:
response - A response message
/v2/world/save
Description: Saves the world. (Same as using the /save command in the console)
Parameters:
token - A valid token
Returns:
response - A response message
/v2/world/autosave/state/{bool}
Description: Turns the auto-save feature on or off
Parameters:
token - A valid token
Returns:
response - A response message
/v2/world/butcher
Description: Kills all NPCs on the map.
Parameters:
token - A valid token
killfriendly - Bool value indicating whether or not to kill friendly NPCs
Returns:
response - A response message
Group Commands
/v2/groups/create
Description: Creates a new group on the server
Parameters:
token - A valid token
group - The name of the new group
parent - The name of the new groups parent group
permissions - A comma separated list of permissions for the new group.
chatcolor - A color in R,G,B form e.g. 255,255,255
Returns:
response - A response message
Note:
Permissions prefixed with ! will become negated permissions which cancel the inheritance of a permission from parent groups
/v2/groups/destroy
Description: Destroys a existing group
Parameters:
token - A valid token
group - The name of the group to destroy
Returns:
response - A response message
/v2/groups/list
Description: Returns an array of the groups configured on the server
Parameters:
token - A valid token
Returns:
groups - An array of the groups configured on the server including: name, parent & chatcolor
/v2/groups/read
Description: Returns detailed information about the requested group
Parameters:
token - A valid token
group - The name of the group to return information about
Returns:
name - The name of the group
parent - The name of the parent of this group
chatcolor - The chat color of this group
permissions - An array of permissions assigned "directly" to this group
negatedpermissions - An array of negated permissions assigned "directly" to this group
totalpermissions - An array of the calculated permissions available to members of this group due to direct permissions and inherited permissions
/v2/groups/update
Description: Returns an array of the groups configured on the server
Parameters:
token - A valid token
group - The name of the group to update
parent - The new parent for the group (optional)
chatcolor- The new chat color for the group (optional)
permissions - The new permissions, comma separated and with ! prefix to indicate a negated permission, for the group (optional)
Returns:
response - A response message
Misc Information
{
“status”: “200”,
blah,
blah
}