Updated: April 24, 2026

Setup API

Introduction to Control Panel API

Control Panel API is a REST/OpenAPI interface for automating selected operations in Setup.Platon.sk. The API is available at https://setup.platon.sk/api/ and uses standard HTTP methods with JSON responses.

The interface contains endpoint groups such as DNS, Email, Domain, Vehicle, System, OAuth and others. The current OpenAPI specification is available at https://setup.platon.sk/api/openapi.json.

Bearer token authentication

All protected API requests use the HTTP Authorization header with a Bearer token:

Authorization: Bearer YOUR_TOKEN

Example API request:

curl -H "Authorization: Bearer YOUR_TOKEN" \
	https://setup.platon.sk/api/system/hello

You can obtain the token either as an API key created directly in Control Panel, or through OAuth user authorization.

Two ways to obtain a token

A) API Key

An API key is created by the user directly in Control Panel. This approach is suitable when the integration is operated by the customer or by the customer's internal system.

Use an API key for:

• backend scripts,
• cron jobs,
• internal integration scripts,
• desktop or local applications used directly by the customer.

B) OAuth

Use OAuth when an application needs to act on behalf of Platon Technologies users and the user should approve access after signing in with their CNAME.

OAuth is suitable for:

• third-party applications,
• SaaS integrations,
• applications acting on behalf of multiple Platon Technologies users,
• solutions where the user should not manually paste an API key into an external application.

If the automation is owned and operated by the customer, use an API key. If the application belongs to a third party or serves multiple customers, use OAuth.

OAuth flow

Control Panel API uses the OAuth Device Authorization flow. The application first lists available scopes, then creates an OAuth request, sends the user to approve access and checks the authorization status afterwards.

List available scopes

Endpoint:

GET https://setup.platon.sk/api/oauth/scopes

Scopes define which parts of the API the token can access. The application should request only the minimum permissions it needs.

Create an OAuth request

Endpoint:

POST https://setup.platon.sk/api/oauth/requests

Example request:

curl -X POST https://setup.platon.sk/api/oauth/requests \
	-H "Content-Type: application/json" \
	-d '{
		"app_name": "Example Integration",
		"app_url_homepage": "https://example.com",
		"app_url_return": "https://example.com/oauth/return",
		"scopes": ["dns:read"]
	}'

Example response:

{
	"verify_token": "string",
	"access_token": "string",
	"redirect_url": "string",
	"verify_url": "string",
	"verify_interval_seconds": 0
}

The application redirects the user to the redirect_url value. In a CLI or desktop application, this URL is shown to the user so they can open it in a browser.

The user signs in with their CNAME and approves the requested access. The application then polls the authorization status through the verify_url value.

The polling interval must not be lower than verify_interval_seconds, so the application does not overload the API.

Endpoint for verifying the OAuth request:

GET https://setup.platon.sk/api/oauth/requests/verify?verify_token=VERIFY_TOKEN

Successful response after authorization:

{
	"status": "string",
	"token": "string",
	"token_expire": "string",
	"cname": "string",
	"error": "string"
}

Field meaning:

• token is the Bearer token for Control Panel API calls,
• token_expire contains the token expiration time,
• cname identifies the authorized customer.

Token refresh

An OAuth token can be refreshed before expiration through this endpoint:

POST https://setup.platon.sk/api/oauth/tokens/refresh

The request uses the current Bearer token in the Authorization header. The endpoint returns a new token and its new expiration.

curl -X POST https://setup.platon.sk/api/oauth/tokens/refresh \
	-H "Authorization: Bearer YOUR_TOKEN"

Token revocation

A token can be revoked or removed through this endpoint:

DELETE https://setup.platon.sk/api/oauth/tokens

Use this endpoint when signing out an application, disconnecting an integration or when a token should no longer remain active.

curl -X DELETE https://setup.platon.sk/api/oauth/tokens \
	-H "Authorization: Bearer YOUR_TOKEN"

SDK for Developers

SDK clients generated from the OpenAPI specification are available for developers:

• PHP: https://github.com/platon-net/cp-php-sdk
• Typescript: https://github.com/platon-net/cp-typescript-sdk
• Kotlin: https://github.com/platon-net/cp-kotlin-sdk
• Swift: https://github.com/platon-net/cp-swift-sdk

The SDK clients simplify calling endpoints, working with models and keeping the client updated from the current OpenAPI specification.

Practical notes

• Never store tokens publicly, send them to frontend code or commit them to a repository.
• With OAuth, request only the minimum scopes needed for the specific integration.
• Prefer OAuth for third-party integrations, so the user can safely approve access and revoke it later.
• Use API keys mainly for server-to-server automation and internal customer scripts.