Skip to content


ServerTap is a REST API for Bukkit, Spigot, and PaperMC Minecraft servers. It allows for server admins to query and interact with their servers using simple REST semantics.

Head over to to grab the latest and greatest plugin JAR.


Join the Discord to talk about this plugin


Install this plugin by dropping the jar into the plugins/ directory on your server.

Then, you can query the server using curl or Postman, or anything that speaks HTTP.

For example, query for information about the server itself:

$ curl http://localhost:4567/v1/server
  "name": "Paper",
  "motd": "This is my MOTD",
  "version": "git-Paper-89 (MC: 1.15.2)",
  "bukkitVersion": "1.15.2-R0.1-SNAPSHOT",
  "health": {
    "cpus": 4,
    "uptime": 744,
    "totalMemory": 2010644480,
    "maxMemory": 2010644480,
    "freeMemory": 1332389360
  "bannedIps": [],
  "bannedPlayers": [
      "target": "phybros",
      "source": "Server"

Or get a list of players that are currently online:

$ curl http://localhost:4567/v1/players
    "uuid": "55f584e4-f095-48e0-bb8a-eb5c87ffe494",
    "displayName": "phybros",
    "address": "localhost",
    "port": 58529,
    "exhaustion": 3.5640976,
    "exp": 0.45454547,
    "whitelisted": false,
    "banned": false,
    "op": true

Current Endpoints

This plugin self-hosts its own API documentation using Swagger. You can see the full API documentation at You can even explore and test the API right from the UI!


there is a known issue that causes the OpenApi plugin to spew tons of logs into your server log. See for details.

Some examples of capabilities are:

  • Ping
  • Server
  • Get/Add/Remove Ops
  • Get/Add Whitelist
  • Get/Save/List Worlds
  • List/Read Scoreboard(s)
  • Broadcast
  • List/Find Players
  • Get/Pay/Debt Economy (W/ Plugin)
  • List Plugins


ServerTap supports TLS (a.k.a. SSL) via a Java "keystore" file. You can generate a keystore for yourself using the keytool utility that ships with Java.

Using TLS is highly recommended as it encrypts the requests and responses to/from your server on the wire.


keytool -genkey -keyalg RSA -alias servertap -keystore selfsigned.jks -validity 365 -keysize 2048

Enter keystore password:
Re-enter new password:
What is your first and last name?
<you can mostly answer whatever you want to all these questions>

Make sure to save the output file selfsigned.jks into the plugins/ServerTap directory

Then in config.yml:

  enabled: true
  keystore: selfsigned.jks
  keystorePassword: testing

Then make sure to use https:// when talking to the API.


Authentication is very rudimentary at this point. Add this to your plugins/ServerTap/config.yml file:

useKeyAuth: true
key: some-long-super-random-string

Then include a Header called key with your specified key on every request to Authenticate.

We need help making this better! See for more info.


By default, ServerTap allows cross-origin requests from any origin (*). To change this, change the corsOrigins setting in the config file.



The setting supports as many origins as you want, just add them to the array.


ServerTap can send webhook messages in response to events on the server.

To use webhooks, just define them in your plugins/ServerTap/config.yml file like so:

    listener: ""
    - PlayerJoin
    - PlayerQuit

The webhook requests are POST containing a simple JSON payload:

  "player": {
    "uuid": "55f584e4-f095-48e0-bb8a-eb5c87ffe494",
    "displayName": "phybros",
    "address": "localhost",
    "port": 52809,
    "exhaustion": 0,
    "exp": 0.5714286,
    "whitelisted": true,
    "banned": false,
    "op": true
  "joinMessage": "§ephybros joined the game",
  "eventType": "PlayerJoin"

The available events are currently:

  • PlayerJoin
  • PlayerDeath
  • PlayerChat
  • PlayerKick
  • PlayerQuit



If you don't have authentication enabled, you are basically opening a remote admin console to your server up to the internet (bad idea).

ServerTap has a bi-directional websockets interface which allows you to receive server log lines in realtime (no polling!).

Once connected, any server log line that goes through the normal logging filters on the server will come down the websocket in a JSON object like this:

  "msg": "§6/version: §fGets the version of this server including any plugins in use",
  "ts": 1631834015918,
  "l": ""
  • ts is the timestamp of the log, in milliseconds since the UNIX Epoch
  • l is the name of the logger that produced the log

Note: you can use a library like ansicolors to parse the color codes for the browser.

Connect to ws://<host>:4567/v1/console (or use wss:// if you have TLS enabled). The last 1000 server log messages will be sent to the connecting client. You can configure the size of the server log buffer by changing websocketConsoleBuffer in config.yml.

You can also send commands through the WS connection and they will be executed on the server.

Authenticating Websockets

Since you can't set headers on websocket connections, you can't use the header key to authenticate like you can with regular API routes.

Instead you must set a cookie called x-servertap-key on the page hosting the websocket connection.


// set cookie to authenticate the connection
document.cookie = "x-servertap-key=change_me"; = new WebSocket("ws://localhost:4567/v1/ws/console"); = function() {
  console.log("Opened connection");

Contributing to ServerTap

You need a few things to get started

  • An IDE (e.g. IntelliJ)
  • JDK 17
  • Maven (>= v3.3)

Then, you can build the plugin jar by using the mvn package command.