The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

cPanel API Password & Hash Authentication

Discussion in 'cPanel Developers' started by PK-Host, Aug 8, 2012.

  1. PK-Host

    PK-Host Registered

    Joined:
    Jul 28, 2012
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi,

    I am attempting to authenticate into a cPanel account with its owners (Reseller Access Hash) key.
    I have so far got it working so that the api can authenticate with the reseller's password into any of their accounts as per the setting in root WHM. However I'd prefer to use the access hash if possible.

    Is it possible to authenticate into cPanel accounts using its owners hash key?
    So far I've got,

    PHP:
    $authstr $array['cpuser'] . ":" $array['cppass'];
    $pass base64_encode($authstr);
    if(empty(
    $array['cppass'])){
        
    fputs($socket"Authorization: WHM " $array['cpuser'] . ":" preg_replace("'(\r|\n)'","",$array['cphash']) . "\r\n");
    }else{
        
    fputs($socket"Authorization:Basic " $pass "\r\n");
    }
    However when it trys authenticate with the access hash I get

    Code:
    HTTP/1.1 403 Forbidden Access denied
    Connection: close
    Server: cpsrvd/11.32.3.21
    Content-type: text/plain
    
    Access denied
    Any help appreciated.
     
  2. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,461
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    To use impersonation you must use the password. We don't support impersonation using any other mechanism at this time.
     
  3. PK-Host

    PK-Host Registered

    Joined:
    Jul 28, 2012
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Ok, Can you confirm that there is no way of passing the resellers password already encrypted through the API? As if not I would have to store the passwords in a database which would be encrypted with openssl but it would inevitably still be able to be reversed.
     
  4. geck

    geck Member
    Staff Member

    Joined:
    Aug 9, 2012
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    No, there is not.

    However you can run API calls against a user while authenticated as the reseller on port 2087.


    f.ex.

    json-api/cpanel?
    cpanel_jsonapi_apiversion=2&
    cpanel_jsonapi_user=$username&
    cpanel_jsonapi_module=Email&
    cpanel_jsonapi_func=listpopswithdisk

    will get you a listing of a user's email accounts.
     
Loading...

Share This Page