Server Power Actions API
The Server Power Actions API allows you to programmatically control your game servers — start, stop, restart, or force-kill them — as well as list all servers associated with your account. This reference covers every endpoint, authentication requirements, request/response formats, and error handling.
Base URL
https://apiserver.zampto.netAuthentication
All endpoints except GET /health require a Bearer token in the request headers.
Authorization: Bearer <your_api_key>Your API key is validated against the database on every request. The key must exist and have an active status. Invalid keys will return a 401 Unauthorized error.
Keep your API key secret. Treat it like a password — do not expose it in client-side code, public repositories, or logs.
You can get API Keys from https://dash.zampto.net/settings/api
Rate Limits
To ensure fair usage and server stability, the API enforces the following rate limit:
| Limit | Window |
|---|---|
| 5 requests | per 10 seconds |
Exceeding this limit will result in your requests being rejected until the window resets. We recommend implementing request queuing or exponential backoff in your integration to stay within limits. If you need higher limits, please contact us.
How to Get Your Server ID
Every power action endpoint requires a numeric server ID. There are two ways to find it:
Option 1 — Via the /list endpoint
Send an authenticated request to GET /list and look for the id field in the response:
curl https://apiserver.zampto.net/list \
-H "Authorization: Bearer your_api_key_here"Each server object in the data array contains an id field — that's the value you pass as the server parameter.
Option 2 — Via the Dashboard
- Go to the Server Overview in your dashboard
- Find the server you want to manage and click Manage Server
- Scroll to the Additional Information frame
- Your Server ID is listed there
In this article, we will use Server ID 1 as an example. In your requests you will need to change it.
Endpoints
Power Control
All power control endpoints share the same request structure. They accept a JSON body with a server field containing the numeric ID of the server you want to act on.
POST /start
Start a stopped server.
Request
curl -X POST https://apiserver.zampto.net/start \
-H "Authorization: Bearer your_api_key_here" \
-H "Content-Type: application/json" \
-d '{"server": 1}'Body
{
"server": 1
}Success Response — 200 OK
{
"success": true,
"message": "Success"
}POST /stop
Gracefully stop a running server.
Request
curl -X POST https://apiserver.zampto.net/stop \
-H "Authorization: Bearer your_api_key_here" \
-H "Content-Type: application/json" \
-d '{"server": 1}'Body
{
"server": 1
}Success Response — 200 OK
{
"success": true,
"message": "Success"
}POST /restart
Restart a server (stop, then start).
Request
curl -X POST https://apiserver.zampto.net/restart \
-H "Authorization: Bearer your_api_key_here" \
-H "Content-Type: application/json" \
-d '{"server": 1}'Body
{
"server": 1
}Success Response — 200 OK
{
"success": true,
"message": "Success"
}POST /kill
Force-kill a server immediately, without a graceful shutdown. Use this only when a server is unresponsive and a normal stop has failed.
Warning: Force-killing a server may cause data loss or corruption if the server process has unsaved state.
Request
curl -X POST https://apiserver.zampto.net/kill \
-H "Authorization: Bearer your_api_key_here" \
-H "Content-Type: application/json" \
-d '{"server": 1}'Body
{
"server": 1
}Success Response — 200 OK
{
"success": true,
"message": "Success"
}Server Listing
GET /list
Returns all servers owned by the authenticated user.
Request
curl https://apiserver.zampto.net/list \
-H "Authorization: Bearer your_api_key_here"Success Response — 200 OK
{
"success": true,
"message": "Success",
"data": [
{
"id": 1,
"name": "Minecraft Server",
"memory": 4096,
"disk": 51200,
"cpu": 4,
"backups": 3,
"allocations": 1,
"creation_timestamp": "2026-01-15T10:30:00.000Z",
"uuid": "a1b2c3d4-e5f6-7890-abcd-ef1234567890",
"identifier": "abc123def456",
"main_allocation_port": 25565,
"node_id": 1,
"created_by": 42
}
]
}Health Check
GET /health
Returns the current status of the API. No authentication required. Useful for uptime monitoring and readiness checks.
Request
curl https://apiserver.zampto.net/healthResponse — 200 OK
{
"status": "ok",
"timestamp": "2026-05-03T12:00:00.000Z"
}Response Format
All responses follow a consistent JSON envelope.
Success (CODE 200/204)
{
"success": true,
"message": "Success"
}Error
{
"success": false,
"message": "Error description here"
}Error Reference
| HTTP Status | Message | Cause |
|---|---|---|
400 |
Missing Authorization header |
No Authorization header was sent with the request |
400 |
Invalid Authorization format. Use: Bearer <token> |
The header does not begin with Bearer |
400 |
Invalid token |
The token is too short to be valid |
400 |
Invalid token format |
SQL injection or XSS patterns were detected in the token |
401 |
Unauthorized: Invalid API key |
API key not found in the database, or its status is disabled (0) |
400 |
Invalid JSON body |
The request body is not valid JSON |
400 |
Server parameter is required |
The server field is missing from the request body |
400 |
Invalid server ID |
The server value is not a number |
403 |
Server not found, not existent, or unauthorized |
The server ID does not exist, or it belongs to a different user |
422 |
This server has not yet been synced, please wait 10 minutes and try again |
The server's uuid is empty — it has not finished syncing with the panel |
500 |
Failed to send power signal to server |
The panel API returned an unexpected response |
500 |
Internal server error |
An unexpected error occurred on the server |
If you have any issues, please contact us.