SOLVED API Authentication Using Tokens

nickwuk

Active Member
Jul 18, 2009
27
2
53
I've successfully used xmlapi but now read that it is deprecated and will be removed in WHM v70, so I'm trying to instead use an API token for authentication (rather than a hash as I read that hash authentication is also deprecated). I've set Tweak Settings > cPanel & WHM API shell (for developers): On and I've followed the Developers Guide example for listing accounts, changing the host from 127.0.0.1 to my servers IP; the code I've used is as below (with sensitive data replaced) but I get "[!] Error: 403 returned":

Code:
<?php
    $host = "123.456.789.123";
    $user = "root";
    $token = "accesshash-0123456789";

    $query = "https://" . $host . ":2087/json-api/listaccts?api.version=1";

    $curl = curl_init();
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,0);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER,0);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);

    $header[0] = "Authorization: whm $user:$token";
    curl_setopt($curl,CURLOPT_HTTPHEADER,$header);
    curl_setopt($curl, CURLOPT_URL, $query);

    $result = curl_exec($curl);

    $http_status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
    if ($http_status != 200) {
        echo "[!] Error: " . $http_status . " returned\n";
    } else {
        $json = json_decode($result);
        echo "[+] Current cPanel users on the system:\n";
        foreach ($json->{'data'}->{'acct'} as $userdetails) {
            echo "\t" . $userdetails->{'user'} . "\n";
        }
    }

    curl_close($curl);
?>
I've checked that 'list-accts' is enabled in the token settings. Any ideas please?
 

nickwuk

Active Member
Jul 18, 2009
27
2
53
SOLVED! Simple miss-understanding about the API token, I was trying to use an existing token but that relies on one having noted the key. Once I created a new token and updated the code then it worked. This tutorial video helped.
 
  • Like
Reactions: cPanelMichael

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,904
2,218
463
Hello,

I'm glad to see you solved the issue. Thank you for sharing the outcome.