ServerTap is a REST API for Bukkit, Spigot, and PaperMC Minecraft servers. It allows for server admins to query and interact with their servers using simple REST semantics.

Head over to https://github.com/servertap-io/servertap/releases/latest to grab the latest and greatest plugin JAR.

Join the Discord to talk about this plugin https://discord.gg/nSWRYzBMfp

Note: If you have a question please post in the support forum on our discord instead of just asking in general chat. This helps us keep track of issues and questions more effectively and answer your questions quicker.

• Usage
• ServerTap Command
• Current Endpoints
• TLS
• Authentication
• CORS
• Webhooks
• Websockets
  • Authenticating Websockets
• Using the Developer API
• Contributing to ServerTap

Install this plugin by dropping the jar into the plugins/ directory on your server. Then, you can query the server using curl or Postman, or anything that speaks HTTP.

For example, query for information about the server itself:

$ curl http://localhost:4567/v1/server

{
  "name": "Paper",
  "motd": "This is my MOTD",
  "version": "git-Paper-89 (MC: 1.15.2)",
  "bukkitVersion": "1.15.2-R0.1-SNAPSHOT",
  "health": {
    "cpus": 4,
    "uptime": 744,
    "totalMemory": 2010644480,
    "maxMemory": 2010644480,
    "freeMemory": 1332389360
  },
  "bannedIps": [],
  "bannedPlayers": [
    {
      "target": "phybros",
      "source": "Server"
    }
  ]
}

Or get a list of players that are currently online:

$ curl http://localhost:4567/v1/players

[
  {
    "uuid": "55f584e4-f095-48e0-bb8a-eb5c87ffe494",
    "displayName": "phybros",
    "address": "localhost",
    "port": 58529,
    "exhaustion": 3.5640976,
    "exp": 0.45454547,
    "whitelisted": false,
    "banned": false,
    "op": true
  }
]

ServerTap currently supports only one management command in game. The supported subcommands are reload & info which as their names imply let you reload and display basic information about the plugin (version, author, etc).

Note: The Permission for the /servertap Command is servertap.admin.

This plugin self-hosts its own API documentation using Swagger. You can see the full API documentation at http://your-server.net:4567/swagger. You can even explore and test the API right from the UI!

Some examples of capabilities are:

• Ping
• Server
  • Get/Add/Remove Ops
  • Get/Add Whitelist
• Get/Save/List Worlds
• List/Read Scoreboard(s)
• Broadcast
• List/Find Players
• Get/Pay/Debt Economy (W/ Plugin)
• List Plugins

ServerTap supports TLS (a.k.a. SSL) via a Java "keystore" file. You can generate a keystore for yourself using the keytool utility that ships with Java.

Using TLS is highly recommended as it encrypts the requests and responses to/from your server on the wire.

Example:

keytool -genkey -keyalg RSA -alias servertap -keystore selfsigned.jks -validity 365 -keysize 2048

Enter keystore password:
Re-enter new password:
What is your first and last name?
  [Unknown]:
...
<you can mostly answer whatever you want to all these questions>

Make sure to save the output file selfsigned.jks into the plugins/ServerTap directory

Then in config.yml:

tls:
  enabled: true
  keystore: selfsigned.jks
  keystorePassword: testing

Then make sure to use https:// when talking to the API.

TLS optionally supports Server Name Indication (SNI) since v0.5.0. Set tls.sni to true in your config to enable it (expert). 99.9% of users won't need to think about this option and can just leave it false.

Authentication is very rudimentary at this point. Add this to your plugins/ServerTap/config.yml file:

useKeyAuth: true
key: some-long-super-random-string

Then include a Header called key with your specified key on every request to Authenticate.

We need help making this better! See servertap-io#5 for more info.

By default, ServerTap allows cross-origin requests from any origin (*). To change this, change the corsOrigins setting in the config file.

Example:

corsOrigins:
  - https://mysite.com

The setting supports as many origins as you want, just add them to the array.

ServerTap can send webhook messages in response to events on the server.

To use webhooks, just define them in your plugins/ServerTap/config.yml file like so:

webhooks:
  default:
    listener: "https://your-webhook-target.com/whatever"
    events:
    - PlayerJoin
    - PlayerQuit

The webhook requests are POST containing a simple JSON payload:

{
  "player": {
    "uuid": "55f584e4-f095-48e0-bb8a-eb5c87ffe494",
    "displayName": "phybros",
    "address": "localhost",
    "port": 52809,
    "exhaustion": 0,
    "exp": 0.5714286,
    "whitelisted": true,
    "banned": false,
    "op": true
  },
  "joinMessage": "§ephybros joined the game",
  "eventType": "PlayerJoin"
}

The available events are currently:

• PlayerJoin
• PlayerDeath
• PlayerChat
• PlayerKick
• PlayerQuit

ServerTap has a bi-directional websockets interface which allows you to receive server log lines in realtime (no polling!).

Once connected, any server log line that goes through the normal logging filters on the server will come down the websocket in a JSON object like this:

{
  "message": "§6/version: §fGets the version of this server including any plugins in use",
  "timestampMillis": 1631834015918,
  "loggerName": "",
  "level": "INFO"
}

Note: you can use a library like ansicolors to parse the color codes for the browser.

Connect to ws://<host>:4567/v1/ws/console (or use wss:// if you have TLS enabled). The last 1000 server log messages will be sent to the connecting client. You can configure the size of the server log buffer by changing websocketConsoleBuffer in config.yml.

You can also send commands through the WS connection and they will be executed on the server.

Since you can't set headers on websocket connections, you can't use the header key to authenticate like you can with regular API routes.

Instead you must set a cookie called x-servertap-key on the page hosting the websocket connection.

Example:

// set cookie to authenticate the connection
document.cookie = "x-servertap-key=change_me";

this.ws = new WebSocket("ws://localhost:4567/v1/ws/console");

this.ws.onopen = function() {
  console.log("Opened connection");
};

ServerTap provides a Developer API allowing you to register your own Request Handlers and Websockets from your Plugin!

To get ServerTap Builds you can use Jitpack. First, add the Jitpack Repository to your pom.xml:

<repository>
  <id>jitpack.io</id>
  <url>https://jitpack.io</url>
</repository>

Then you can add the following Dependency:

<dependency>
  <groupId>com.github.phybros</groupId>
  <artifactId>servertap</artifactId>
  <version>vX.X.X</version>
  <scope>provided</scope>
</dependency>

Replace the Version with the latest available Releases Version Number.

You can retrieve the API using Bukkits ServiceProvider:

// In your Main Class extended from JavaPlugin, for example in the onEnable() Method
ServerTapWebserverService webserverService = this.getServer().getServicesManager().load(ServerTapWebserverService.class);

The Interface provides you with methods to directly add Endpoints to the Webserver:

webserverService.get("/test/ping", ctx -> ctx.status(200).result("Pong!"));
webserverService.websocket("/test/ws", websocketConfig -> {
    websocketConfig.onMessage(wsMessageContext -> System.out.println(wsMessageContext.message()));
});

Your Endpoints (HTTP & WebSocket) are protected the same way all other Endpoints in the Server are.

The API provides the getWebserver() Method that will return the internal Javalin Instance. This will give you deep access to the Webserver providing you every ability possible. Be careful not to break ServerTaps Functionality (e.g. the AccessManager checking Security)! Use this only if necessary.

You need a few things to get started

• An IDE (e.g. IntelliJ)
• JDK 19
• Maven

Then, you can build the plugin jar by using the mvn package command.