Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Migration to API Token

Discussion in 'cPanel Developers' started by shazde, Oct 5, 2017.

  1. shazde

    shazde Member

    Joined:
    May 19, 2014
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi,

    We have some plugins that use .accesshash file to authenticate as a user and make API calls.
    The way this works is that if there is no .accesshash file in the user home directory we generate the file and then use the content to authenticate against WHM.

    Unfortunately with whm 66 there .accesshash is now disabled and we have to use API Tokens.

    I have checked all the documentation and it seems the only way to generate API token is to do that manually which is not helpful at all.

    How can we generate API tokens on our WHM server for each one of the users automatically ?
     
  2. Travis

    Travis Active Member
    Staff Member

    Joined:
    Apr 24, 2002
    Messages:
    31
    Likes Received:
    3
    Trophy Points:
    383
    Location:
    cPanel Main Office
    cPanel Access Level:
    Root Administrator
    Hello Shazde,

    We deprecated Access Hashes because they had some security concerns we wanted to address.
    You can generate an API Token through the API using the create api_token_create call:
    WHM API 1 Functions - api_token_create - Software Development Kit - cPanel Documentation

    A few big differences between the Access Hash system and the API Token are:
    • Keys are no longer stored in plaintext
    • Keys are no longer stored in the users home directory
    • When a key is created the key is displayed just once. After which is stored in a nonreversible encrypted format. You will be unable to see the key again, so please store it somewhere safe.
    • As of cPanel & WHM version 68, keys can be created with limited permissions (Manage API Tokens - Version 68 Documentation - cPanel Documentation)
    I hope this helps solve your issues. Please feel free to let me know if you need additional help!
     
  3. shazde

    shazde Member

    Joined:
    May 19, 2014
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi Travis,

    Thank you for your response. I have already checked that API and I do not think that does the job that we need unless I am missing something.

    With that API call we can create token for another user if we are already logged/authenticated as that user.

    What we need is a way for root user (which can already have its token setup manually) to create token for other users and then use those tokens to make API call as those users.

    Unless there is a way to pass username to that api call which is not documented, I do not see how that can help.

    Can you please suggest a way to achieve our objective (which I assume is needed for any serious whm development)
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,424
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hi @shazde,

    If i understand correctly, you'd like to first authenticate as "root" to create an API token for another user. To do this, you'd simply use the following WHM API 1 function while authenticated as the "root" user:

    WHM API 1 Functions - api_token_create - Software Development Kit - cPanel Documentation

    EX (this is through the command line but you could set this up in a script as well):

    Code:
    whmapi1 api_token_create token_name=subway
    This will create a separate API token for use by another user (e.g. the reseller). Once you have the token, you can use it for API authentication. Here's a document with PHP and Perl examples on how to authenticate with the acquired API token:

    Guide to API Authentication - API Tokens - Software Development Kit - cPanel Documentation

    Keep in mind that you can only use API tokens with the following features at this time:

    WHM API functions
    DNS Clusters
    Configuration Clusters

    Thus, you can't authenticate with API tokens for the purpose of using UAPI or cPanel API 2 functions at this time, if that's your intention.

    Thank you.
     
  5. shazde

    shazde Member

    Joined:
    May 19, 2014
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Hi @cPanelMichael,

    Unfortunately that doesn't do the work.

    When I run
    Code:
    whmapi1 api_token_create token_name=subway
    I get a token that is only valid for root and I can only use it to make calls as root.

    Making API calls with that token and changing the username the way it is suggested in that link does not work and get rejected.
     
  6. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    38,658
    Likes Received:
    1,424
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    Upon testing, it's true the "whmapi1 api_token_create" WHM API 1 command is only usable by the "root" user, and thus you can't use this WHM API 1 function to create an API token for a reseller user. You'd need to access WHM as the reseller user and browse to "WHM Home » Development » Manage API Tokens" to create an API token for a reseller. I recommend opening a feature request for the ability to create API tokens via the command line as non-root users if that's the functionality you are seeking:

    Submit A Feature Request

    Thank you.
     
Loading...

Share This Page