API Tokens and WHM Function listresellers / resellerstats

bellwood

Active Member
PartnerNOC
Sep 25, 2012
32
5
8
New York
cPanel Access Level
DataCenter Provider
When generating API tokens, I am looking for the privileges specific to the `listresellers` and `resellerstats` functions.

The documentation pages do not list the required token privileges to use these.

Thank you.
 

bellwood

Active Member
PartnerNOC
Sep 25, 2012
32
5
8
New York
cPanel Access Level
DataCenter Provider
So another case where a 'god token' is needed to simply list something?

Any chance this can be discussed internally to see if there is a chance to scope this down to a resellers group or as general permissions - using a 'god token' to simply list the resellers on a box and their stats seems careless.

Also is there a reference/document for what token privileges are required for all the API methods?

The ACL doc that's out there lists some but not all:
Guide to WHM Plugins - ACL Reference Chart - Developer Documentation - cPanel Documentation

Thanks, I look forward to your feedback.
 

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,911
2,233
363
cPanel Access Level
DataCenter Provider
Twitter
Hello @bellwood,

As it stands, this is by-design because it's not possible to view a list of resellers or view reseller usage statistics without root access to the system. The ability to have resellers manage/view other resellers is open as a feature request on the link below if you'd like to vote/add feedback:

Add support for sub-resellers

As far as the reference chart, the link you provided is currently the best resource available and complements the document below:

Edit Reseller Nameservers and Privileges - Version 78 Documentation - cPanel Documentation

Is there a specific privilege that's not listed that you'd like to see added?

Thank you.
 

bellwood

Active Member
PartnerNOC
Sep 25, 2012
32
5
8
New York
cPanel Access Level
DataCenter Provider
listresellers and resellerstats aren't in there.

Understood from your standpoint on the privileges required however it would be nice if some additional granularity was available but perhaps that will come in time.

From a deny then allow mentality it would be fantastic if the API token interface simply offered the ability to give read and/or write privileges to any of the methods and in some cases did containerize certain sections like DNS, etc.
 

cPanelMichael

Technical Support Community Manager
Staff member
Apr 11, 2011
47,911
2,233
363
cPanel Access Level
DataCenter Provider
Twitter
From a deny then allow mentality it would be fantastic if the API token interface simply offered the ability to give read and/or write privileges to any of the methods and in some cases did containerize certain sections like DNS, etc.
Hello @bellwood,

This would make for a good feature request. Feel free to open the request when you have the time and post the link to it here.

Thank you.