PrismSMP API
A read-only JSON HTTP API for the PrismSMP Minecraft server. Look up player stats, ranks, and balances, or search the auction house — from a Discord bot, a web tool, or anything else that can send an HTTP request.
Who this is for
You're a player (or building on behalf of one) who wants to write tools against PrismSMP's data — most commonly a Discord bot that answers things like "what's my balance", "what rank is this player", or "who's selling netherite right now". The API is read-only: it hands back JSON, it doesn't let you change anything in-game.
Two things to know before anything else
1. Get your API key in-game
Run /api key on the PrismSMP server. It prints your personal API key in chat.
Running it again shows the same key — it does not rotate on its own.
If your key ever leaks (committed to a public repo, pasted in a public Discord channel,
etc.), run /api regenerate. That immediately invalidates the old key and issues
you a new one. Anything still using the old key will start getting 401
responses until you update it.
| Command | Effect |
|---|---|
/api key | Shows your current key. Safe to run repeatedly — same key every time. |
/api regenerate | Invalidates your old key and issues a brand new one. Use this if your key leaks. |
2. Every request needs one header
Authentication is a single request header — there's no OAuth flow, no login endpoint, no session tokens.
X-API-Key: your-api-key-here
That's the entire auth model. See Authentication & Rate Limits for the details on rate limiting, revocation, and what a key can and can't see.
Quickstart
Before reading further, confirm your key actually works by hitting
/api/health — it's the cheapest possible request and will immediately tell you
if your key or base URL is wrong.
This API lives at https://api.prismsmp.net — that's the value to use
everywhere these docs show API_BASE.
API_BASE="https://api.prismsmp.net"
API_KEY="your-api-key-here"
curl -s "$API_BASE/api/health" \
-H "X-API-Key: $API_KEY"
A working key against a healthy server returns:
{
"status": "ok"
}
If you get a 401 instead, double check the header name (X-API-Key,
not Authorization) and that you copied the whole key. If you get nothing at all,
double check API_BASE — that's a connectivity problem, not an auth problem.