how to create user, site and DB from WHM plugin without access hash?

rustyhex2

Member
Dec 12, 2013
8
0
1
cPanel Access Level
Root Administrator
Hello. I need to create user, domain and DB from WHM plugin.
I know, that's possible only with XML-api, but it requires login/pass or access hash.
It seems strange, because i already logged into WHM as root and have session in url. This session is not valid for requests, sent from local script (php/curl xml api request).

I wish i could call API without any access creds.
Is this possible in the current version of cPanel? If so, how can it be accomplished?
 

vanessa

Well-Known Member
PartnerNOC
Sep 26, 2006
833
28
178
Virginia Beach, VA
cPanel Access Level
DataCenter Provider
You cannot call the API without either the access hash or the password. Being able to do so would be considered a huge security vulnerability, considering what the API can do. You may want to consider using a cPanel API2 call instead, which can authenticate using the cPanel user's credentials.

https://github.com/CpanelInc/xmlapi-php
https://documentation.cpanel.net/display/SDK/Using+API+2+Functions#UsingAPI2Functions-CallAPI2
https://documentation.cpanel.net/display/SDK/cPanel+API+2+-+MysqlFE
 

KostonConsulting

Well-Known Member
Verifed Vendor
Jun 17, 2010
255
1
68
San Francisco, CA
cPanel Access Level
Root Administrator
If you're already logged in as root, you'll have read access to /root/.accesshash. Just load it out of the file and use it to make the API call

Be warned that you should use an appconfig file to make sure your WHM plugin executes as the logged in user so that other users cannot act as root via your plugin.