DNS Cluster API Token ACL Permissions

Operating System & Version
CentOS 6 or 7, CloudLinux on most
cPanel & WHM Version


Well-Known Member
May 17, 2013
cPanel Access Level
Root Administrator
Hi All

I am looking at the array of ACL Permissions presented when I try to create a new API Token for a new server being added to our DNS Only Cluster.

I have 4 x DNS Only servers as the cluster with 6 CPanel Hosting servers syncing to it.

I have just added another hosting server and it has been a while since I added one.

The API Token creation has become a heap more complex than I recall, with options that are selected by default to cover most API connection requirements.

In the DNS Only Server WHM console, the Manage API Tokens page, presents a list of 17 options to toggle in 7 categories of options. A few have some cursory 'help' that warns against using the option, yet the options are selected by default. If they are bad, why are they enabled by default?

In any case, there is insufficient information for making a decision regarding what options are actually required, and which can be safely turned off for a DNS Cluster connection. This is from the view of providing the least-privileges for any access.

I have searched and read quite a few pages of documentation and I understand the how, when, etc. but I cannot find any list of the CPanel API Token ACL Permissions specific to a hosting server syncing to a DNS Only server.

Can someone point me to the appropriate documentation or provide a list of which ACL Permissions are required as a minimum.



Product Owner II
Staff member
Nov 14, 2017
You only need to clustering permissions on the token to enable it for DNS clustering. The only reason the warnings are there are to ensure that you are aware of the access that token grants if provided to a user since these API Tokens are not just used for Clustering they're used for WHM's remote API as well.