API Tokens and WHM Function listresellers / resellerstats

bellwood · Apr 1, 2019

When generating API tokens, I am looking for the privileges specific to the `listresellers` and `resellerstats` functions.

The documentation pages do not list the required token privileges to use these.

Thank you.

cPanelMichael · Apr 1, 2019

Hello @bellwood,

Both of those WHM API 1 functions require the All Features (all) privilege.

Thank you.

bellwood · Apr 1, 2019

So another case where a 'god token' is needed to simply list something?

Any chance this can be discussed internally to see if there is a chance to scope this down to a resellers group or as general permissions - using a 'god token' to simply list the resellers on a box and their stats seems careless.

Also is there a reference/document for what token privileges are required for all the API methods?

The ACL doc that's out there lists some but not all:
Guide to WHM Plugins - ACL Reference Chart - Developer Documentation - cPanel Documentation

Thanks, I look forward to your feedback.

cPanelMichael · Apr 1, 2019

Hello @bellwood,

As it stands, this is by-design because it's not possible to view a list of resellers or view reseller usage statistics without root access to the system. The ability to have resellers manage/view other resellers is open as a feature request on the link below if you'd like to vote/add feedback:

Add support for sub-resellers

As far as the reference chart, the link you provided is currently the best resource available and complements the document below:

Edit Reseller Nameservers and Privileges - Version 78 Documentation - cPanel Documentation

Is there a specific privilege that's not listed that you'd like to see added?

Thank you.

bellwood · Apr 1, 2019

listresellers and resellerstats aren't in there.

Understood from your standpoint on the privileges required however it would be nice if some additional granularity was available but perhaps that will come in time.

From a deny then allow mentality it would be fantastic if the API token interface simply offered the ability to give read and/or write privileges to any of the methods and in some cases did containerize certain sections like DNS, etc.

cPanelMichael · Apr 2, 2019

bellwood said:
From a deny then allow mentality it would be fantastic if the API token interface simply offered the ability to give read and/or write privileges to any of the methods and in some cases did containerize certain sections like DNS, etc.

Hello @bellwood,

This would make for a good feature request. Feel free to open the request when you have the time and post the link to it here.

Thank you.

Thread starter	Similar threads	Forum	Replies	Date
R	Connection from integromat to cpanel API with API Tokens	Developer Experience	10	Jul 4, 2021
R	API tokens being skipped?	Developer Experience	1	Jun 8, 2019
	In Progress [CPANEL-26332] API Tokens and WHM Function list-zones	Developer Experience	8	Mar 14, 2019
N	SOLVED API Authentication Using Tokens	Developer Experience	2	Mar 14, 2018
D	Api tokens, can't find it in WHM UI	Developer Experience	1	Mar 5, 2017

Search

Search

API Tokens and WHM Function listresellers / resellerstats

bellwood

Well-Known Member

cPanelMichael

Administrator

bellwood

Well-Known Member

cPanelMichael

Administrator

bellwood

Well-Known Member

cPanelMichael

Administrator