PrismSMP API Docs

PrismSMP API

A read-only JSON HTTP API for the PrismSMP Minecraft server. Look up player stats, ranks, and balances, or search the auction house — from a Discord bot, a web tool, or anything else that can send an HTTP request.

Who this is for

You're a player (or building on behalf of one) who wants to write tools against PrismSMP's data — most commonly a Discord bot that answers things like "what's my balance", "what rank is this player", or "who's selling netherite right now". The API is read-only: it hands back JSON, it doesn't let you change anything in-game.

Two things to know before anything else

1. Get your API key in-game

Run /api key on the PrismSMP server. It prints your personal API key in chat. Running it again shows the same key — it does not rotate on its own.

If your key ever leaks (committed to a public repo, pasted in a public Discord channel, etc.), run /api regenerate. That immediately invalidates the old key and issues you a new one. Anything still using the old key will start getting 401 responses until you update it.

CommandEffect
/api keyShows your current key. Safe to run repeatedly — same key every time.
/api regenerateInvalidates your old key and issues a brand new one. Use this if your key leaks.

2. Every request needs one header

Authentication is a single request header — there's no OAuth flow, no login endpoint, no session tokens.

http
X-API-Key: your-api-key-here

That's the entire auth model. See Authentication & Rate Limits for the details on rate limiting, revocation, and what a key can and can't see.

Quickstart

Before reading further, confirm your key actually works by hitting /api/health — it's the cheapest possible request and will immediately tell you if your key or base URL is wrong.

API_BASE

This API lives at https://api.prismsmp.net — that's the value to use everywhere these docs show API_BASE.

bash
API_BASE="https://api.prismsmp.net"
API_KEY="your-api-key-here"

curl -s "$API_BASE/api/health" \
  -H "X-API-Key: $API_KEY"

A working key against a healthy server returns:

json 200 OK
{
  "status": "ok"
}

If you get a 401 instead, double check the header name (X-API-Key, not Authorization) and that you copied the whole key. If you get nothing at all, double check API_BASE — that's a connectivity problem, not an auth problem.

What's next