The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

how to create user, site and DB from WHM plugin without access hash?

Discussion in 'cPanel Developers' started by rustyhex2, Jul 11, 2014.

  1. rustyhex2

    rustyhex2 Member

    Joined:
    Dec 12, 2013
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hello. I need to create user, domain and DB from WHM plugin.
    I know, that's possible only with XML-api, but it requires login/pass or access hash.
    It seems strange, because i already logged into WHM as root and have session in url. This session is not valid for requests, sent from local script (php/curl xml api request).

    I wish i could call API without any access creds.
    Is this possible in the current version of cPanel? If so, how can it be accomplished?
     
  2. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Joined:
    Sep 26, 2006
    Messages:
    817
    Likes Received:
    22
    Trophy Points:
    18
    Location:
    Virginia Beach, VA
    cPanel Access Level:
    DataCenter Provider
    You cannot call the API without either the access hash or the password. Being able to do so would be considered a huge security vulnerability, considering what the API can do. You may want to consider using a cPanel API2 call instead, which can authenticate using the cPanel user's credentials.

    https://github.com/CpanelInc/xmlapi-php
    https://documentation.cpanel.net/display/SDK/Using+API+2+Functions#UsingAPI2Functions-CallAPI2
    https://documentation.cpanel.net/display/SDK/cPanel+API+2+-+MysqlFE
     
  3. KostonConsulting

    KostonConsulting Well-Known Member

    Joined:
    Jun 17, 2010
    Messages:
    255
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    San Francisco, CA
    cPanel Access Level:
    Root Administrator
    If you're already logged in as root, you'll have read access to /root/.accesshash. Just load it out of the file and use it to make the API call

    Be warned that you should use an appconfig file to make sure your WHM plugin executes as the logged in user so that other users cannot act as root via your plugin.
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,761
    Likes Received:
    662
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page