APIv1.6 · 2026-06-03

Geliştirici API’si

Sunucularınızı, hostingi, alan adlarını, faturalandırmayı ve destek taleplerini programatik olarak yönetin. Tüm uç noktalar kapsam denetimli bir API anahtarıyla korunur.

Base URL

https://api.sunucu.com/v1

Kimlik doğrulama

Authorization: Bearer snc_…

OpenAPI 3.0.3/openapi.jsonMarkdown referans/docs.mdAI dizini/llms.txtAPI anahtarı al/account/api-keys

AI bağlantısı (MCP)

Claude ve diğer MCP destekli araçları doğrudan hesabınıza bağlayın. API anahtarınızı taşıyıcı (Bearer) olarak kullanır; tüm araçlar anahtarın kapsamlarıyla sınırlıdır.

MCP uç noktası (Streamable HTTP)

https://api.sunucu.com/mcp

Claude Code ile ekleyin:

claude mcp add --transport http sunucu https://api.sunucu.com/mcp \
  --header "Authorization: Bearer snc_…"

37 araç: sunucular, hosting, alan adları, faturalandırma, destek ve webhook’lar. API anahtarı oluşturun →

OAuth destekleyen istemciler anahtar yapıştırmadan bağlanabilir — tarayıcıda onaylarsınız (RFC 8628 cihaz kodu akışı).

Yerel/stdio çalıştırma: SUNUCU_API_KEY=snc_… npx -y @otwa/sunucu-mcp

Uç noktalar

Account

GET/v1/accountaccount:read

Returns the authenticated account profile.

Servers

GET/v1/serversservers:read

List every server on the account.

GET/v1/servers/:idservers:read

Server detail (backbone-scrubbed — no upstream provider, no provisioning logs).

GET/v1/servers/:id/statsservers:read

Live CPU / memory / network / disk usage.

GET/v1/servers/:id/snapshotsservers:read

Disk snapshots (restore points) for the server.

POST/v1/servers/:id/power/:actionservers:write

Power the server start, stop, or reboot. `:action` ∈ {start,stop,reboot}.

POST/v1/servers/:id/snapshotsservers:write

Take a disk snapshot. Honours an optional Idempotency-Key header.

{ "name": "pre-upgrade", "description": "before kernel bump" }

DELETE/v1/servers/:id/snapshots/:snapshotIdservers:write

Remove a snapshot (non-destructive to the live disk).

POST/v1/servers/:id/reinstallservers:destroy

DESTRUCTIVE — wipe the disk and rebuild from an OS template. Honours Idempotency-Key.

{ "osTemplate": "ubuntu-22.04", "os": "ubuntu" }

POST/v1/servers/:id/snapshots/:snapshotId/revertservers:destroy

DESTRUCTIVE — roll the live disk back to a snapshot.

DELETE/v1/servers/:idservers:destroy

DESTRUCTIVE — permanently terminate the server.

Hosting

GET/v1/hostinghosting:read

List web-hosting accounts.

GET/v1/hosting/:idhosting:read

Hosting account detail (connection info, backbone-scrubbed).

PUT/v1/hosting/:id/custom-domainhosting:write

Attach a custom domain to a hosting account.

{ "domain": "example.com" }

POST/v1/hosting/:id/custom-domain/verifyhosting:write

Re-check DNS and attach the custom domain once it points to us.

DELETE/v1/hosting/:id/custom-domainhosting:write

Detach the custom domain from the hosting account.

Domains

GET/v1/domainsdomains:read

List registered domains.

GET/v1/domains/:iddomains:read

Domain detail.

PATCH/v1/domains/:iddomains:write

Update auto-renew, transfer lock, WHOIS privacy, or nameservers.

{ "auto_renew": true, "transfer_lock": true, "nameservers": ["ns1.example.com","ns2.example.com"] }

Billing

GET/v1/billing/invoicesbilling:read

Paginated invoice list. Query: page, limit.

GET/v1/billing/invoices/:idbilling:read

Single invoice with line items.

GET/v1/billing/walletbilling:read

Prepaid wallet balance and state.

GET/v1/billing/wallet/transactionsbilling:read

Recent wallet transactions. Query: limit.

Support tickets

GET/v1/ticketstickets:read

List support tickets.

GET/v1/tickets/:idtickets:read

Ticket detail with the message thread.

POST/v1/ticketstickets:write

Open a support ticket. Honours Idempotency-Key.

{ "subject": "Need help", "message": "…", "department": "technical", "priority": "medium" }

POST/v1/tickets/:id/replytickets:write

Post a customer reply on a ticket.

{ "body": "Thanks, that worked." }

POST/v1/tickets/:id/closetickets:write

Close the ticket.

Webhooks

GET/v1/webhookswebhooks:read

List webhook subscriptions.

POST/v1/webhookswebhooks:write

Subscribe a URL to events. Secret returned ONCE.

{ "url": "https://example.com/hooks", "events": ["*"], "description": "prod" }

GET/v1/webhooks/:idwebhooks:read

Webhook subscription detail (secret masked).

PATCH/v1/webhooks/:idwebhooks:write

Change url, events, description, or pause/resume (isActive).

DELETE/v1/webhooks/:idwebhooks:write

Delete a subscription.

POST/v1/webhooks/:id/rotate-secretwebhooks:write

Issue a fresh signing secret (returned ONCE). Old secret stops immediately.

GET/v1/webhooks/:id/deliverieswebhooks:read

Recent delivery attempts. Query: limit.

POST/v1/webhooks/:id/deliveries/:deliveryId/redeliverwebhooks:write

Re-queue a past delivery for another attempt.

Webhooks

Bir olay gerçekleştiğinde URL’nize imzalı bir POST gönderilir. İmza HMAC-SHA256’dır: X-Sunucu-Signature: t=<ts>,v1=HMAC(secret, "<ts>." + body). Başarısız teslimler üstel geri çekilmeyle yeniden denenir (1dk → 6sa).

server.created

A server finished provisioning. Payload: serverId, status, label.

server.power.changed

A power action ran. Payload: serverId, action (start/stop/reboot).

server.reinstalled

A reinstall ran. Payload: serverId, os, osTemplate.

server.terminated

A server was terminated. Payload: serverId.

server.suspended

A server was suspended (e.g. expiry). Payload: serverId, reason.

hosting.created

A web-hosting account finished provisioning. Payload: hostingId, domain, status.

invoice.created

A new invoice was issued (any source — order, renewal, admin). Payload: invoiceId, invoiceNumber, status, totalUsdCents, currency.

invoice.paid

An invoice transitioned to paid (card, PayPal, crypto, or wallet). Payload: invoiceId, invoiceNumber, totalUsdCents, currency.

wallet.deposit.received

A wallet top-up was credited. Payload: amountUsdCents, gateway, transactionId.

domain.registered

A domain registration completed (post-payment). Payload: domainId, domain, periodYears, expiresAt.

ticket.created

A support ticket was opened. Payload: ticketId, ticketNumber, subject, status, priority.

ticket.replied

Support staff replied to your ticket. Payload: ticketId, ticketNumber, subject, status.

Hata kodları

400

Bad Request — Missing or invalid request body parameters.

401

Unauthorized — Missing, invalid, or expired API key.

403

Forbidden — API key lacks the required scope for this action.

404

Not Found — The resource does not exist or belongs to another account.

429

Too Many Requests — Per-key rate limit exceeded (120 req/min). See the X-RateLimit-Limit / -Remaining / -Reset and Retry-After response headers.

500

Internal Server Error — Unexpected server error. If persistent, contact support.

Değişiklik günlüğü

v1.62026-06-03latest

newTwo more webhook events: invoice.created (fires for any new invoice — order, renewal, or admin) and domain.registered (a registration completed after payment). The catalogue is now 13 events.
improvedConnect-AI (MCP) wizard on the API Keys page — pick your client (Claude Code / Desktop / Cursor / VS Code) and copy a ready-made config.

v1.52026-06-03

newOAuth 2.0 device-code flow (RFC 8628). Connect AI tools by browser-approval instead of pasting a key: the client opens sunucu.com/oauth/device, you approve the requested scopes, and it receives a scoped snc_at_ access token (+ single-use snc_rt_ refresh, 90-day). Endpoints under /oauth/* with AS metadata at /.well-known/oauth-authorization-server. Revoke connected apps anytime from the API Keys page.

v1.42026-06-03

newModel Context Protocol (MCP) server — connect Claude and other AI tools directly to your account at https://api.sunucu.com/mcp (Streamable HTTP) using your snc_ API key as a Bearer token. 37 tools across servers, hosting, domains, billing, tickets and webhooks, scope-gated by the key.

v1.32026-06-03

newPer-key rate limiting — 120 requests/minute per API key, with X-RateLimit-Limit / X-RateLimit-Remaining / X-RateLimit-Reset headers on every response and Retry-After on a 429.
newFour more webhook events: server.suspended, hosting.created, invoice.paid (fires for card / PayPal / crypto / wallet payments alike), and wallet.deposit.received.

v1.22026-06-03

newWebhooks — subscribe a URL to account events and receive signed (HMAC-SHA256) POSTs. Eight endpoints under /v1/webhooks behind the new webhooks:read / webhooks:write scopes: list, create, get, update (incl. pause/resume), delete, rotate-secret, delivery log, and redeliver. Failed deliveries retry with exponential backoff (1m→6h).
newWebhook events: server.created, server.power.changed, server.reinstalled, server.terminated, ticket.created, ticket.replied.

v1.12026-06-03

newWrite endpoints. servers:write — power start/stop/reboot, password reset, create/delete snapshots. servers:destroy (opt-in, not in defaults) — reinstall, snapshot revert, terminate. hosting:write — set/verify/remove custom domain. domains:write — update auto-renew / lock / WHOIS / nameservers. tickets:write — open, reply, close.
improvedIdempotency-Key header on snapshot-create, reinstall, and ticket-create dedups retried requests for 24h.

v1.02026-06-03

newPublic API launch — read-only endpoints for account, servers (incl. live stats & snapshots), hosting, domains, billing (invoices & wallet) and support tickets. Authenticate with an snc_… API key minted from the dashboard.