Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

cPanel API Authentication questions

Discussion in 'cPanel Developers' started by Marani, Aug 6, 2018.

  1. Marani

    Marani Member

    Joined:
    Nov 23, 2015
    Messages:
    23
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Iran
    cPanel Access Level:
    Website Owner
  2. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,476
    Likes Received:
    507
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    HI @Marani

    The tokens are only available to be used with WHMAPI Functions, DNS Clustering, and configuration Clusters at this time per our documentation here:
    Manage API Tokens - Version 74 Documentation - cPanel Documentation

    Furthermore, it's only valid for the root user or a reseller user as indicated here:
    Guide to API Authentication - API Tokens - Developer Documentation - cPanel Documentation

    To do what you're requesting it sounds like you'll need to use one of the other authentication methods available.

    Thanks!
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. Marani

    Marani Member

    Joined:
    Nov 23, 2015
    Messages:
    23
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Iran
    cPanel Access Level:
    Website Owner
    Hi Lauren,

    I believe you are talking about API token here, right?
    Guide to API Authentication - Developer Documentation - cPanel Documentation

    If yes, then, API token method is not for cPanel, so how do I generate cpsess (security token) with API? I need this to get authenticated to cPanel.

    If I log in using web browser I see cpsess generated in the address bar. I just don't want to use any browser-based action in my software that I'm coding.

    Are you familiar with POSTMAN? I do tests using postman.

    Thanks
     
  4. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,476
    Likes Received:
    507
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Marani

    As I indicated in my last response, no API token Authentication is not for cPanel it will only work for WHM i.e. the root user or a reseller.

    The only suitable method I can think of that wouldn't be browser based would be Guide to API Authentication - Secure Remote Logins - Developer Documentation - cPanel Documentation

    There is a list of suitable authentication methods at the bottom of the page here: Guide to API Authentication - Developer Documentation - cPanel Documentation

     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. Marani

    Marani Member

    Joined:
    Nov 23, 2015
    Messages:
    23
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Iran
    cPanel Access Level:
    Website Owner
    Secure Remote Login seems to need a PHP coding, which I don't know. I want to C#.
    The second link is the same authentication methods I posted in the first post.

    I wanted to create a file uploader in C# everything is done and works correctly except the first step which is to get cpsess (given after logging in via the browser).
     
  6. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,476
    Likes Received:
    507
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    HI @Marani

    If you read through and looked at the example, you'd see it was actually using a perl script as an example. As long as the Cpanel::LogMeIn module was able to be called this would work.

    Yes, I am aware of that, I was just making a reference to the available authentication methods, as you can see from the quoted text. These are what is available

    If you don't know how to use any of the authentication methods available with your project you may want to look at enlisting the assistance of a developer that may be able to help you integrate one of them into your project. You might find some help here: System Administration Services | cPanel Forums though this is geared more toward system administrators. `
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  7. Marani

    Marani Member

    Joined:
    Nov 23, 2015
    Messages:
    23
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Iran
    cPanel Access Level:
    Website Owner
    Hi @cPanelLauren

    I have no idea how I forgot that I have written the authentication some time ago. I found it last night between source code files, tested it and it works perfectly. it was simple and needed none of the sample codes in the documentation.

    Now I can the most of cPanel API 2 and UAPI functions.

    Thanks
     
    cPanelLauren likes this.
  8. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,476
    Likes Received:
    507
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    Hi @Marani


    Well, that's a really nice find!! I'm glad the issue is sorted and you can use the API and UAPI as you initially intended now :)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    Marani likes this.
  9. rccaj

    rccaj Member

    Joined:
    Jun 16, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    India
    cPanel Access Level:
    Root Administrator

    Hi Even I am looking for this solution for generating api token through cpanel can you please help me with the code to see how does it works.

    Thanks in Advance

    Hi @Marani

    Even i am looking for same solution if you could help
     
    #9 rccaj, Dec 19, 2018
    Last edited by a moderator: Dec 19, 2018
  10. Marani

    Marani Member

    Joined:
    Nov 23, 2015
    Messages:
    23
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Iran
    cPanel Access Level:
    Website Owner
    Hi @rccaj,

    I get the session key this way and use all the way for other API calls:

    You need to use a POST method to send a request to "cPanelUrl:2083/login/?login_only=1" and for the parameters you need to pass credentials like "user=cpanelUsername&pass=#cpanelPassword".

    The response would be like:

    Code:
    {"status":1,"notices":[],"redirect":"/cpsess9394767568/frontend/paper_lantern/index.html?login=1&post_login=15475794144014","security_token":"/cpsess9394767568"}
    After getting this you can get the token (session key) using a JSON parser, regex or whatever you use.

    TIP: Use getpostman.com or servistate.com to make sure it works.

    Hope that helps.
     
    #10 Marani, Dec 19, 2018
    Last edited by a moderator: Dec 19, 2018
    Strangemother likes this.
  11. rccaj

    rccaj Member

    Joined:
    Jun 16, 2017
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    India
    cPanel Access Level:
    Root Administrator
    Hello @Marani

    Thanks for the help the thing is this method is working for some hosting accounts and for some domains hosting account its not working could you know if any possible reason for it that it works on few and for few it doesnt work.
     
  12. Marani

    Marani Member

    Joined:
    Nov 23, 2015
    Messages:
    23
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Iran
    cPanel Access Level:
    Website Owner
    PM me those cPanels that this method doesn't work on them and I will check. I need login info and you can change after the check.
    Because I tested on 3 different cPanels from 3 hosting companies and it worked on all.
     
  13. Infopro

    Infopro cPanel Sr. Product Evangelist Staff Member

    Joined:
    May 20, 2003
    Messages:
    16,948
    Likes Received:
    485
    Trophy Points:
    583
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
    Please do not ask for this sort of information on these forums. No user should ever be sharing login details with any other user.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  14. Marani

    Marani Member

    Joined:
    Nov 23, 2015
    Messages:
    23
    Likes Received:
    2
    Trophy Points:
    3
    Location:
    Iran
    cPanel Access Level:
    Website Owner
    Sorry, didn't know that.

    @rccaj that method works for me by the way.
     
  15. dgeniusudesign

    dgeniusudesign Registered

    Joined:
    Apr 1, 2019
    Messages:
    3
    Likes Received:
    1
    Trophy Points:
    1
    Location:
    Dearborn, USA
    cPanel Access Level:
    Website Owner
    Hi Marani,

    Thank you so much for this thread. I had been searching for this for nearly 2 weeks and I am really glad I found this.

    I tried the method and it works until I get a security token. The security token that I get from Postman & from my code are different. The one I get from my code does not work and when I use it, I get Status 401 - Access Denied. Any ideas what is happening here?

    Regards,
    Monish
     
  16. Strangemother

    Strangemother Registered

    Joined:
    Jun 5, 2019
    Messages:
    2
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    UK
    cPanel Access Level:
    Reseller Owner
    I just want to say thank you - this worked great. It's taken me weeks to solve this problem. Is there a possibility to apply forum search tag to this as "How to authenticate a user's cPanel" of something?

    And some other bits helped:
     
  17. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    6,476
    Likes Received:
    507
    Trophy Points:
    263
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    I added some tags relevant to the discussion, thanks for your input @Strangemother
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    Strangemother likes this.
  18. Strangemother

    Strangemother Registered

    Joined:
    Jun 5, 2019
    Messages:
    2
    Likes Received:
    1
    Trophy Points:
    3
    Location:
    UK
    cPanel Access Level:
    Reseller Owner
    Thank you @cPanelLauren.

    To add my note, I've been struggling with this for a while. Now I've solved it I see how trivial it was. I hope others find this faster than I did. I've quantified two working solutions. The latter is much nicer.

    How do I login users to cPanel

    Requirements:
    • cpanel api, WHM management api
    As a provider, I would like to log-in my users into their cPanel for their benefit; server to client browser. It allows me to apply stronger credentials and support login issues with tickets.

    user/pass login

    The [history] thread is correct - using "/login/?login-only=1" persists a users session. I feel it's designed for explicit robot UI work - such as auto clicking and parsing. This has a number of (valid) limits:
    1. Login credentials require the users password
    2. sessions are maintained by the owning utility (the server script, or a local client (postman))
    3. the session is held with cookies.
    And it works fine if you're viewing within the session - such as postman or some interesting embedded wrapper.
    But due to newer internet securities this isn't shareable with the browser. Therefore if the session is generated within the server-side environment, you can't pass this to the user.

    This is due to the browser securing your session to the domain and app. To test this, authenticate (and perform) Postman - then open a new tab and paste the API given "session url"; it'll work. But applying the same address to another browser will require authentication.

    client behalf login

    WHM API 1 Functions - create_user_session - Developer Documentation - cPanel Documentation

    As an alternative I utilise the 'create_user_session' api url:

    https://cloud-api:208X/json-api/create_user_session?api.version=1&user=myuser&service=cpaneld&app=Backups_Home

    The endpoint authenticates for a small session window and returns a rich definition for the user session.

    Code:
    {'data': {'cp_security_token': '/cpsess1470532104',
                  'expires': 2559961754,
                  'service': 'cpaneld',
                  'session': 'myuser:random:create_user_session, random',
                  'url': '[URL='https://example.com/?&session=myuser%random:acreate_user_session%random'},
         ... }

    hand-off the user to the given url (I choose a redirect) and done! It works great:

    • no user password required
    • can happen automatically on any system
    • defaults 15 minutes user inactivity closure
    • user may use any browser
    ---

    I hope it helps. Thanks for such a rich API - I'm using python and it's awesome.

     
    #18 Strangemother, Jun 7, 2019
    Last edited by a moderator: Jun 7, 2019
    cPanelLauren likes this.
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice