cPanel API Authentication questions

[Marani]

Hi,

I need to generate a security token (cpsess) to be able to use POST requests for cPanel functions.

Here:
Guide to API Authentication - Developer Documentation - cPanel Documentation

It seems methods are for WHM and not cPanel.

For example, tested "Username and Password Authentication" sample PHP code, but it redirects me to the cPanel login page.

How do I generate a security token for cPanel?

Thanks

 

[cPanelLauren]

HI @Marani

The tokens are only available to be used with WHMAPI Functions, DNS Clustering, and configuration Clusters at this time per our documentation here:
Manage API Tokens - Version 74 Documentation - cPanel Documentation

Furthermore, it's only valid for the root user or a reseller user as indicated here:
Guide to API Authentication - API Tokens - Developer Documentation - cPanel Documentation

To do what you're requesting it sounds like you'll need to use one of the other authentication methods available.

Thanks!

 

[Marani]

Hi Lauren,

I believe you are talking about API token here, right?
Guide to API Authentication - Developer Documentation - cPanel Documentation

If yes, then, API token method is not for cPanel, so how do I generate cpsess (security token) with API? I need this to get authenticated to cPanel.

If I log in using web browser I see cpsess generated in the address bar. I just don't want to use any browser-based action in my software that I'm coding.

Are you familiar with POSTMAN? I do tests using postman.

Thanks

 

[cPanelLauren]

Hi @Marani

As I indicated in my last response, no API token Authentication is not for cPanel it will only work for WHM i.e. the root user or a reseller.

The only suitable method I can think of that wouldn't be browser based would be Guide to API Authentication - Secure Remote Logins - Developer Documentation - cPanel Documentation

There is a list of suitable authentication methods at the bottom of the page here: Guide to API Authentication - Developer Documentation - cPanel Documentation

Authentication methods
You can use the following methods to authenticate with cPanel & WHM in your custom code:

• Access Hash Authentication — Access hashes allow you to authenticate with the server as the root user.
  
  
• API Tokens — Use API tokens to authenticate to execute WHM API 1 functions over HTTPS.
• Browser-Based Authentication — Browser-based authentication accesses cPanel & WHM's functionality via the browser.
• Secure Remote Logins — cPanel & WHM supports secure remote logins via the Cpanel::LogMeIn module.
• Single Sign On — The Single Sign On feature generates a temporary session to authenticate with cPanel & WHM.
• Two-Factor Authentication — Two-Factor authentication (2FA) requires an additional security code to log in to cPanel & WHM.
• Username and Password Authentication — Scripts can authenticate via a username and password in an HTTP header.

 

[Marani]

Secure Remote Login seems to need a PHP coding, which I don't know. I want to C#.
The second link is the same authentication methods I posted in the first post.

I wanted to create a file uploader in C# everything is done and works correctly except the first step which is to get cpsess (given after logging in via the browser).

 

[cPanelLauren]

HI @Marani

Secure Remote Login seems to need a PHP coding, which I don't know. I want to C#.

If you read through and looked at the example, you'd see it was actually using a perl script as an example. As long as the Cpanel::LogMeIn module was able to be called this would work.

The second link is the same authentication methods I posted in the first post.

Yes, I am aware of that, I was just making a reference to the available authentication methods, as you can see from the quoted text. These are what is available

I wanted to create a file uploader in C# everything is done and works correctly except the first step which is to get cpsess (given after logging in via the browser).

If you don't know how to use any of the authentication methods available with your project you may want to look at enlisting the assistance of a developer that may be able to help you integrate one of them into your project. You might find some help here: System Administration Services | cPanel Forums though this is geared more toward system administrators. `

 

[Marani]

Hi @cPanelLauren

I have no idea how I forgot that I have written the authentication some time ago. I found it last night between source code files, tested it and it works perfectly. it was simple and needed none of the sample codes in the documentation.

Now I can the most of cPanel API 2 and UAPI functions.

Thanks

 

[cPanelLauren]

Hi @Marani


Well, that's a really nice find!! I'm glad the issue is sorted and you can use the API and UAPI as you initially intended now

 

[rccaj]

Hi @cPanelLauren

I have no idea how I forgot that I have written the authentication some time ago. I found it last night between source code files, tested it and it works perfectly. it was simple and needed none of the sample codes in the documentation.

Now I can the most of cPanel API 2 and UAPI functions.

Thanks

Hi Even I am looking for this solution for generating api token through cpanel can you please help me with the code to see how does it works.

Thanks in Advance

Hi @Marani

Even i am looking for same solution if you could help

 

[Marani]

Hi @rccaj,

I get the session key this way and use all the way for other API calls:

You need to use a POST method to send a request to "cPanelUrl:2083/login/?login_only=1" and for the parameters you need to pass credentials like "user=cpanelUsername&pass=#cpanelPassword".

The response would be like:

{"status":1,"notices":[],"redirect":"/cpsess9394767568/frontend/paper_lantern/index.html?login=1&post_login=15475794144014","security_token":"/cpsess9394767568"}

After getting this you can get the token (session key) using a JSON parser, regex or whatever you use.

TIP: Use getpostman.com or servistate.com to make sure it works.

Hope that helps.

 

[rccaj]

Hello @Marani

Thanks for the help the thing is this method is working for some hosting accounts and for some domains hosting account its not working could you know if any possible reason for it that it works on few and for few it doesnt work.

 

[Marani]

PM me those cPanels that this method doesn't work on them and I will check. I need login info and you can change after the check.
Because I tested on 3 different cPanels from 3 hosting companies and it worked on all.

 

[Infopro]

PM me those cPanels that this method doesn't work on them and I will check. I need login info

Please do not ask for this sort of information on these forums. No user should ever be sharing login details with any other user.

 

[Marani]

Sorry, didn't know that.

@rccaj that method works for me by the way.

 

[dgeniusudesign]

Hi Marani,

Thank you so much for this thread. I had been searching for this for nearly 2 weeks and I am really glad I found this.

I tried the method and it works until I get a security token. The security token that I get from Postman & from my code are different. The one I get from my code does not work and when I use it, I get Status 401 - Access Denied. Any ideas what is happening here?

Regards,
Monish

 

[Strangemother]

Hi @rccaj,

I get the session key this way and use all the way for other API calls:

You need to use a POST method to send a request to "cPanelUrl:2083/login/?login_only=1" and for the parameters you need to pass credentials like "user=cpanelUsername&pass=#cpanelPassword".

The response would be like:

{"status":1,"notices":[],"redirect":"/cpsess9394767568/frontend/paper_lantern/index.html?login=1&post_login=15475794144014","security_token":"/cpsess9394767568"}

After getting this you can get the token (session key) using a JSON parser, regex or whatever you use.

TIP: Use getpostman.com or servistate.com to make sure it works.

Hope that helps.

I just want to say thank you - this worked great. It's taken me weeks to solve this problem. Is there a possibility to apply forum search tag to this as "How to authenticate a user's cPanel" of something?

And some other bits helped:

• Guide to API Authentication - Browser-Based Authentication - Developer Documentation - cPanel Documentation
  
• How to Log in to Your Server or Account - cPanel Knowledge Base - cPanel Documentation
  

 

[cPanelLauren]

I added some tags relevant to the discussion, thanks for your input @Strangemother

 

[Strangemother]

Thank you @cPanelLauren.

To add my note, I've been struggling with this for a while. Now I've solved it I see how trivial it was. I hope others find this faster than I did. I've quantified two working solutions. The latter is much nicer.

How do I login users to cPanel

Requirements:

• cpanel api, WHM management api

As a provider, I would like to log-in my users into their cPanel for their benefit; server to client browser. It allows me to apply stronger credentials and support login issues with tickets.

user/pass login

The [history] thread is correct - using "/login/?login-only=1" persists a users session. I feel it's designed for explicit robot UI work - such as auto clicking and parsing. This has a number of (valid) limits:

1. Login credentials require the users password
2. sessions are maintained by the owning utility (the server script, or a local client (postman))
3. the session is held with cookies.

And it works fine if you're viewing within the session - such as postman or some interesting embedded wrapper.
But due to newer internet securities this isn't shareable with the browser. Therefore if the session is generated within the server-side environment, you can't pass this to the user.

This is due to the browser securing your session to the domain and app. To test this, authenticate (and perform) Postman - then open a new tab and paste the API given "session url"; it'll work. But applying the same address to another browser will require authentication.

client behalf login

WHM API 1 Functions - create_user_session - Developer Documentation - cPanel Documentation

As an alternative I utilise the 'create_user_session' api url:

https://cloud-api:208X/json-api/cre...&user=myuser&service=cpaneld&app=Backups_Home

The endpoint authenticates for a small session window and returns a rich definition for the user session.

{'data': {'cp_security_token': '/cpsess1470532104',
              'expires': 2559961754,
              'service': 'cpaneld',
              'session': 'myuser:random:create_user_session, random',
              'url': '[URL='https://example.com/?&session=myuser%random:acreate_user_session%random'},
     ... }

hand-off the user to the given url (I choose a redirect) and done! It works great:

• no user password required
• can happen automatically on any system
• defaults 15 minutes user inactivity closure
• user may use any browser

---

I hope it helps. Thanks for such a rich API - I'm using python and it's awesome.

 

[scutting]

@Strangemother, I am attempting to do a similar thing that you described here, but I am having difficulty getting the "hand-off" to work as you describe. When I pass the returned URL, I am presented with the cPanel login screen instead of having the session already started. Would you be willing to share the code that shows how you are making this work? I am using PHP, but am able to understand Python, if that is what you have.

Thanks in advance.

 

[cPanelTJ]

@scutting in the event that @Strangemother isn't able to get back to you, would you mind sharing what you have so far and we can try to help?