Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

How to create cPanel session with whm api

Discussion in 'cPanel Developers' started by gondu riya, Mar 26, 2017.

  1. gondu riya

    gondu riya Registered

    Mar 26, 2017
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Reseller Owner
    I have a reseller account now I would like to create a login to cPanel button which logs my client to their cPanel account automatically (without password) using Single Sign On whm api.

    I see there is example in documentation but I could not achieve what I want. Some Help would be appreciated.

    Here's what I'm looking for:

    I've also posted this to
    #1 gondu riya, Mar 26, 2017
    Last edited by a moderator: Apr 1, 2017
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Apr 11, 2011
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator

    Once you obtain the session ID, you'd use a URL such as this in your browser:

    Do you have root access to the affected system? If so, could you let us know of any output to /usr/local/cpanel/logs/error_log and /usr/local/cpanel/logs/login_log when you attempt to run the test PHP script?

    Thank you.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. cP_Sky

    cP_Sky Technical Analyst II
    Staff Member

    Oct 21, 2014
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator

    In follow up to this, I tested the code over on StackOverflow, which appeared to execute without issues.

    Checking the difference in expected results from the code, and the intended request(to provide an outward login session); I believe that is the issue.

    For instance, when executing the PHP script as in StackOverflow's example to perform a follow up function, you need to store that cookie for a later re-use, when attempting to give a session away to a URL, the cookie must remain "unspent", so to speak. That is to say, once you login and store the cookie, you will need to continue to use that cookie with the subsequent session URL requests, or it will be invalid.

    This can be exemplified with some slight modification to the code you have posted on StackOverflow, where we instead do not re-request the session and store it, but rather, provide it to the would-be web request:
    // This can also be the reseller who owns the cPanel user.
    $whmusername = "resellerlogin";
    $whmpassword = "luggage1234";
    // The user on whose behalf the API call runs.
    $cpanel_user = "cpacct"; //under reseller
    $servername = $_SERVER['SERVER_NAME'];
    $query = "https://" . $servername . ":2087/json-api/create_user_session?api.version=1&user=$cpanel_user&service=cpaneld";
    $curl = curl_init();                                     // Create Curl Object.
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);       // Allow self-signed certificates...
    curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);       // and certificates that don't match the hostname.
    curl_setopt($curl, CURLOPT_HEADER, false);               // Do not include header in output
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);        // Return contents of transfer on curl_exec.
    $header[0] = "Authorization: Basic " . base64_encode($whmusername.":".$whmpassword) . "\n\r";
    curl_setopt($curl, CURLOPT_HTTPHEADER, $header);         // Set the username and password.
    curl_setopt($curl, CURLOPT_URL, $query);                 // Execute the query.
    $result = curl_exec($curl);
    if ($result == false) {
        error_log("curl_exec threw error \"" . curl_error($curl) . "\" for $query");
                                                        // log error if curl exec fails
    $decoded_response = json_decode( $result, true );
    $targetURL = $decoded_response['data']['url'];
    print "<html><a href=\"" . $targetURL . "\">cPanel Login";
    print "</a></html>";

    In this, I have removed the action you took in the interface with the cookie afterwards that confirmed valid login, and instead left it to print out the generated session value that has not yet been tokenized, it is shown as an href, this piece of code should be able to be put into a web accessible URL's document root(even if only via fake domain's via /etc/hosts), and provide a working link that logs into a cPanel session.

    Please let us know if this is not working, or not what you were intending, and we can definitely give it another read-over.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    MaxFein and cPanelMichael like this.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice