cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello,

The following document is a good place to start:

Developer Documentation Home - Developer Documentation - cPanel Documentation

Note that it's a good idea to use JSON instead of the XML-like output of our APIs. See the following quote from our March 2017 Development Update Blog:

  • XML-like output of APIs
    The XML-like output of our API (often called the XML API) is already officially deprecated, and cPanel & WHM Version 70 will be the last version to support this output. Integrators and API users will want to begin switching to use the JSON output of the API now. The XML-like format has long caused problems for integrators and developers because it is not valid XML, and we find that removing it completely will help reduce that.
Thank you.
 
Last edited:

bouvrie

Active Member
Apr 6, 2012
36
6
58
cPanel Access Level
Root Administrator
Yes, well, some helpful individual killed all the original in-links to the documentations from google. Even on the page you link EVERY SINGLE link is broken and redirects (301 Moved Permanently) to /DD. Awesome.
 

CFelix

Member
Nov 3, 2017
8
0
1
Africa
cPanel Access Level
Website Owner
You know, its really not that I have not really read that documentation several times but I seem not to add the pieces together. Especially how do I connect to cpanel remotely and that goes to WHM as well. Because if I can connect properly then I use php to do things like create cpanel account, or create email accounts or even mysql db. In some of your old thread like as of June 25 2017. You pointed some people to your xmlapi-php at Github is that file still OK to use? I saw it was last updated 2016, if am correct. If its not, please help point to the best way I can connect to cpanel, and WHM to be able to use api2 and uapi for cpanel and api1 for WHM. Thanks
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello,

If the custom script you are developing is hosted on a remote server, then you'd need to configure the script to connect to the IP address of the cPanel server as opposed to "localhost" or "127.0.0.1". We provide a list of available authentication methods at:

Guide to API Authentication - Developer Documentation - cPanel Documentation

Additionally, if you plan to develop your script in PHP, you may find the following user-submitted UAPI PHP class helpful:

UAPI PHP Class

Thank you.
 

CFelix

Member
Nov 3, 2017
8
0
1
Africa
cPanel Access Level
Website Owner
Hello,

If the custom script you are developing is hosted on a remote server, then you'd need to configure the script to connect to the IP address of the cPanel server as opposed to "localhost" or "127.0.0.1". We provide a list of available authentication methods at:

Guide to API Authentication - Developer Documentation - cPanel Documentation

Additionally, if you plan to develop your script in PHP, you may find the following user-submitted UAPI PHP class helpful:

UAPI PHP Class

Thank you.

Thank you for your response. Am I interested in Hash, Username & Password and Api Tokens authentications.

Now from what I understand from your documentation, api token is used mainly for WHM api 1 calls. E.g

Guide to API Authentication - API Tokens - Developer Documentation - cPanel Documentation

Now from here, am OK with WHM authentication and how to make a call to it.

But for cpanel, am not so sure. The links below treated Hash, Username & Password but gave examples with WHM, could you please use any cpanel call, like maybe 'addpop' to make an example. So that I can see how cpanel is authenticated.

Guide to API Authentication - Access Hash Authentication - Developer Documentation - cPanel Documentation

Guide to API Authentication - Username and Password Authentication - Developer Documentation - cPanel Documentation

So, if you won't mind could you show me an example call in cpanel that uses the example in the link above.

Not that I don't appreciate other class from people who have done this, but I really want to understand your documentation, so that I could use it properly.
Hope you understand me question.

Warm Regards
 
Last edited by a moderator:

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
But for cpanel, am not so sure. The links below treated Hash, Username & Password but gave examples with WHM, could you please use any cpanel call, like maybe 'addpop' to make an example. So that I can see how cpanel is authenticated.
Hello,

The Access Hash Authentication method is only available for WHM authentication. If you are looking to authenticate with the cPanel username and password, then you'd need to modify the example provided on Username and Password Authentication document so that it uses the cPanel username, password, port, and UAPI link. EX:

Code:
<?
$whmusername = "username123";
$whmpassword = "password12345";

$query = "https://127.0.0.1:2083/execute/Email/list_pops";

$curl = curl_init();                                    // Create Curl Object
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER,0);       // Allow self-signed certs
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,0);       // Allow certs that do not match the hostname
curl_setopt($curl, CURLOPT_HEADER,0);                       // Do not include header in output
curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);       // Return contents of transfer on curl_exec
$header[0] = "Authorization: Basic " . base64_encode($whmusername.":".$whmpassword) . "\n\r";
curl_setopt($curl, CURLOPT_HTTPHEADER, $header);    // set the username and password
curl_setopt($curl, CURLOPT_URL, $query);                        // execute the query
$result = curl_exec($curl);
if ($result == false) {
        error_log("curl_exec threw error \"" . curl_error($curl) . "\" for $query");
                                                    // log error if curl exec fails
}
curl_close($curl);

print $result;

?>
As far as the following line:

Code:
$query = "https://127.0.0.1:2083/execute/Email/list_pops";
I recommend enabling the following option under the "System" tab in "WHM >> Tweak Settings":

cPanel & WHM API shell (for developers)

This will allow you to access the "API Shell" option from within cPanel for an account with reseller privileges (you can create a test account for this purpose). The API Shell option in cPanel will help you formulate the correct URL.

Thank you.
 

CFelix

Member
Nov 3, 2017
8
0
1
Africa
cPanel Access Level
Website Owner
Thank you for the messa
Hello,

The Access Hash Authentication method is only available for WHM authentication. If you are looking to authenticate with the cPanel username and password, then you'd need to modify the example provided on Username and Password Authentication document so that it uses the cPanel username, password, port, and UAPI link. EX:

Code:
<?
$whmusername = "username123";
$whmpassword = "password12345";

$query = "https://127.0.0.1:2083/execute/Email/list_pops";

$curl = curl_init();                                    // Create Curl Object
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER,0);       // Allow self-signed certs
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST,0);       // Allow certs that do not match the hostname
curl_setopt($curl, CURLOPT_HEADER,0);                       // Do not include header in output
curl_setopt($curl, CURLOPT_RETURNTRANSFER,1);       // Return contents of transfer on curl_exec
$header[0] = "Authorization: Basic " . base64_encode($whmusername.":".$whmpassword) . "\n\r";
curl_setopt($curl, CURLOPT_HTTPHEADER, $header);    // set the username and password
curl_setopt($curl, CURLOPT_URL, $query);                        // execute the query
$result = curl_exec($curl);
if ($result == false) {
        error_log("curl_exec threw error \"" . curl_error($curl) . "\" for $query");
                                                    // log error if curl exec fails
}
curl_close($curl);

print $result;

?>
As far as the following line:

Code:
$query = "https://127.0.0.1:2083/execute/Email/list_pops";
I recommend enabling the following option under the "System" tab in "WHM >> Tweak Settings":

cPanel & WHM API shell (for developers)

This will allow you to access the "API Shell" option from within cPanel for an account with reseller privileges (you can create a test account for this purpose). The API Shell option in cPanel will help you formulate the correct URL.
Thank you so much.
Please I really need your help with these issues:

Please am on VPS hosting. And I wish to use it to create sites for client using cpanel and WHM api.

1.How can I make my server secure for production, I.e hosting site for my clients.

Or better still what are the basic settings in need to put in place in WHM for my server to be secure considering that I should be able to use cpanel and WHM api.

3. If I signup for the vps using mysite.com for example, I found out that in mysite.com I can use the WHM api1 to create cpanel accounts, following the Tweak setting you mentioned above. But I will need more than one skeleton directory, that necessitated my need to create a reseller. But i was unable to locate /root/cpanel-skel-3 in neither mysite.com nor its reseller. How can I solve this issue?
And must I only run this WHM api in mysite.com can I run it in another site I created maybe a reseller, and then provide the root hash?

Thanks you so much for your assistance. I appreciate.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
1.How can I make my server secure for production, I.e hosting site for my clients.

Or better still what are the basic settings in need to put in place in WHM for my server to be secure considering that I should be able to use cpanel and WHM api.
The following document is a good place to start:

Tips to Make Your Server More Secure - cPanel Knowledge Base - cPanel Documentation

3. If I signup for the vps using mysite.com for example, I found out that in mysite.com I can use the WHM api1 to create cpanel accounts, following the Tweak setting you mentioned above. But I will need more than one skeleton directory, that necessitated my need to create a reseller. But i was unable to locate /root/cpanel-skel-3 in neither mysite.com nor its reseller. How can I solve this issue?
And must I only run this WHM api in mysite.com can I run it in another site I created maybe a reseller, and then provide the root hash?
You can run WHM API 1 functions as root or as a reseller, as long as the the reseller has the corresponding feature assigned as a privilege. The reseller skeleton directory is located in a separate location compared to the root skeleton directory:

/home/resellerusername/cpanel3-skel/public_html/

This is documented at:

Skeleton Directory - Version 70 Documentation - cPanel Documentation

Thank you.
 

CFelix

Member
Nov 3, 2017
8
0
1
Africa
cPanel Access Level
Website Owner
Hello thank you for your response, it was very helpful.

I am trying to use the fileman::upload_files function, the tutorial at Tutorial - Use UAPI's Fileman::upload_files Function in Custom Code - Developer Documentation - cPanel Documentation worked perfect for me.
but i have the following concerns:

- Using the tutorial for my needs will make me store cpanel password say in db which is not a secure approach for me.
- Am trying to call that function from WHM just like i have been doing to others with success, but for this fileman::upload_files function, i keep getting "You must specify at least one file to upload."

I have read through the forum about fileman::upload_files function i found some users with the same issue for whose case has not been solved.

Now my questions are:
- Is there a way to make the tutorial at Tutorial - Use UAPI's Fileman::upload_files Function in Custom Code - Developer Documentation - cPanel Documentation, to use another form of authentication that will not require the use of cpanel password?
- Why is the function not working in WHM api call?

Am thinking that why this function is not working when called through WHM could be related to the authentication, though i could be wrong, but what could be the possible solution.

Regards
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
- Am trying to call that function from WHM just like i have been doing to others with success, but for this fileman::upload_files function, i keep getting "You must specify at least one file to upload."
Hello,

This was brought up in the past as part of an internal case (CPANEL-2806). Here's the response from Development:

This is by design. We disallow file uploads since the form is parsed (and the file stored in a temporary file) before privileges are dropped. When we go to actually run the function call as the user, the file is not accessible. We have to parse the form before dropping privileges in order to know what user we need to run as.
You'd need to run that UAPI function as the cPanel user. The Single Sign On method would allow you to authenticate as the cPanel user without using the account password:

Guide to API Authentication - Single Sign On - Developer Documentation - cPanel Documentation
WHM API 1 Functions - create_user_session - Developer Documentation - cPanel Documentation

Thank you.