mcp-cloudron

TESTING_NOTES.md•2.24 kB

# Real API Testing Session - 2025-12-26 ## Mission Test F07, F08, F12, F13 with real Cloudron API at https://my.serenichron.agency ## Token Permissions Discovery Current token: `f85f785dc515ab20be9ee520e104ceb9c8a9971427c3171d47f98e84c79472a6` ### Tested Endpoints | Endpoint | HTTP Method | Result | Status | |----------|-------------|--------|--------| | `/api/v1/cloudron/status` | GET | ✅ Works | Returns version 9.0.15 | | `/api/v1/apps` | GET | ✅ Works | Returns 2 apps | | `/api/v1/backups` | GET | ❌ Fails | 401 "No such token" | | `/api/v1/users` | GET | ❌ Fails | 401 "No such token" | ### Analysis The token has very limited permissions: - Can read system status - Can list apps - **Cannot** access backups endpoint - **Cannot** access users endpoint This is likely a **read-only token** or a token with **limited scopes**. ### Cloudron API Token Types According to [Cloudron API docs](https://docs.cloudron.io/api.html): - Tokens can be "Readonly" or "Read and Write" - Readonly tokens: Only GET operations allowed - Tokens inherit permissions from their owner (admin/user/owner roles) - Some endpoints may require 'admin' or 'owner' role ### Next Steps Required **BLOCKER**: Cannot proceed with real API testing for F07, F08, F12, F13 without proper token. **Options**: 1. **Create new token with full permissions** via Cloudron dashboard: - Navigate to https://my.serenichron.agency - Go to API Access menu - Create new "Read and Write" token with admin role - Update `~/.docker/mcp/config.yaml` with new token 2. **Verify current token owner role**: - Check if token owner has admin privileges - May need to be created by instance owner 3. **Test what we can with current token**: - F01 (control_app) - May work if GET only - F05 (configure_app) - Requires write, likely fails - F22 (search_apps) - Should work (read-only) ### Recommendation **ESCALATE TO USER**: Need admin-level "Read and Write" token to complete real API testing mission. Cannot claim F07, F08, F12, F13 as tested without proper credentials. ## Sources - [Cloudron API Docs](https://docs.cloudron.io/api.html) - [Scoped API tokens discussion](https://forum.cloudron.io/topic/5826/scoped-api-tokens)

Loading blob content...

Latest Blog Posts

Don't Use Large Strings as Cache Keys
By punkpeye on January 11, 2026.
markdown
node-js
cache
What are Claude Skills?
By punkpeye on January 10, 2026.
mcp
skills
How to Test MCP Streamable HTTP Endpoints Using cURL
By punkpeye on January 2, 2026.
tutorial
bash

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/serenichron/mcp-cloudron'

If you have feedback or need assistance with the MCP directory API, please join our Discord server

TESTING_NOTES.md•2.24 kB