Mar 11, 2014
17
1
3
cPanel Access Level
DataCenter Provider
OS : CENTOS 7.4 kvm
cPanel : v68.0.29

When issuing the command:
Code:
whmapi1 api_token_update token_name=<tokenname> acl-1=all
The command returns:
Code:
data:
  acls:
    - all
  create_time: '1518471368'
  name: <tokenname>
metadata:
  command: api_token_update
  reason: OK
  result: 1
  version: 1
Using the api_token_list command, I see all the acls that the token has now and it includes 'all'

However, when you view the token's permissions from inside WHM, the token does not have 'all' applied and the token does not actually have the permission either. ( cPanel API Response: You do not have permission to create sessions for the user <user> )

If I use the API shell and issue the same command, the command does correctly set the acl and the user is allowed to create sessions for another user.

Code:
{"metadata":{"version":1,"result":1,"command":"api_token_update","reason":"OK"},"data":{"create_time":1518534128,"acls":["all"],"name":"tokenname"}}
So - question: is there a cPanel service I need to restart after I use the whmapi1 command to get the system to pick up the new acl? Is this a bug?
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,213
363
However, when you view the token's permissions from inside WHM, the token does not have 'all' applied and the token does not actually have the permission either. ( cPanel API Response: You do not have permission to create sessions for the user <user> )
Hello,

I've been unable to reproduce this issue on a test system. Are you logging into WHM as "root" when reproducing this issue?

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,910
2,213
363
Hello,

I used the following steps in an attempt to replicate this issue:

1. Created the API token using the following command while logged in via SSH as "root":

Code:
whmapi1 api_token_create token_name=subway acl-1=all
2. Accessed WHM as "root" and browsed to the "Manage API Tokens" option.

3. Clicked on "Edit" under "subway" and confirmed that all privileges were assigned to the token.

4. Updated the ACLS for the token:

Code:
whmapi1 api_token_update token_name=subway acl-1=news
5. Clicked on "Edit" under "subway" and confirmed that just the "news" privilege was assigned to the token.

6. Updated the ACLS for the token:

Code:
whmapi1 api_token_update token_name=subway acl-1=all
7. Clicked on "Edit" under "subway" and confirmed that all privileges were assigned to the token.

Is there an additional step that isn't working for you, or a difference in one of the above steps?

Thank you.