Minimal permissions for managing CSF through API token

Hello,

Could you elaborate on how you are attempting to utilize the API token? Keep in mind that per our documentation, you can currently only use API tokens with the following features:

• WHM API functions.
• DNS Clusters.
• Configuration Clusters.

Thank you.

 

Hello,

For instance, how are you authenticating with the API token? Are you using a web browser? What error message do you receive?

Thank you.

 

If you are logging in as a reseller to access CSF, you must first authorize the reseller user via the following option as "root" in "WHM >> ConfigServer Security & Firewall":

CSF >> cPanel Resellers >> Edit Reseller Privs

Thank you.

 

Hello,

I believe this is a limitation of the CSF application itself. For instance, I was able to get it working by authorizing "root" via the following option in "WHM >> ConfigServer Security & Firewall":

CSF >> cPanel Resellers >> Edit Reseller Privs

EX:

Code:

root:1:USE,UNBLOCK

I recommend reporting this to ConfigServer directly:

Report Bugs (csf) - ConfigServer Community Forum

Thank you.

 

You could create a new cPanel user and make it a reseller. You'd then access WHM as the reseller user and browse to "WHM Home » Development » Manage API Tokens" to create a separate API token for the reseller. There's a feature request here you may also want to vote for:

root to be able to manage all user's tokens with api_token functions

Thank you.

 

Yes, you can limit access to what the reseller can do at:

Edit Reseller Nameservers and Privileges - Version 70 Documentation - cPanel Documentation

Thank you.

 

Hello,

Yes, the same feature is available in cPanel version 68.

Thank you.

 

Hello Miguel,

Please keep in mind that we currently only support the use of API tokens with the following features:

• WHM API functions.
• DNS Clusters.
• Configuration Clusters

This is documented at:

Manage API Tokens - Version 70 Documentation - cPanel Documentation

The URL you are using in your custom script is not a cPanel or WHM API function. For instance, notice in the example script the URL is:

Code:

https://127.0.0.1:2087/json-api/listaccts?api.version=1

In particular, note the use of "json-api/listaccts?api.version=1", as that's indicating the use of a WHM API 1 function. In your custom script, you use the following:

Code:

https://127.0.0.1:2087/cgi/configserver/csf.cgi?action=kill&ip=XXX.XXX.XXX.XXX

Notice how your link is just a direct link that you would use in a web browser as opposed to an actual WHM API 1 function. While this is technically possible with CGI scripts when the application is registered as a plugin with the AppConfig system, it's up to the third-party developer to verify their specific application supports usage in this manner. As I understand, CSF is only guaranteed to work via the normal access to Web Host Manager in a browser per their quote in that thread:

Thank you.