Turning Off Specific cPanel's API Token Privileges?

ThunderMax

Registered
Oct 26, 2020
1
0
1
Alabama
cPanel Access Level
Root Administrator
Hello all, new here. I've begun using UAPI & API2 on a remote website of mine for users to take actions like email creation, email password changes, subdomains, redirects, etc. I've got everything working with my cPanel token, but I don't like that the token I generated gives full control over that cPanel account.

So my question is, is there a way to limit the available functions an API token has at its disposal? For example to disable that token's ability to use the Mysql::delete_database function?

Best Regards,
Brandon
 

cPanelTJ

Product Owner
Staff member
Jan 29, 2019
90
44
93
Houston, TX
cPanel Access Level
Root Administrator
Twitter
Hi @ThunderMax ,

Currently API Tokens in cPanel provide access to all the features that the cPanel account has access to. So, if the account has access to the MySQL features, then so would any Tokens created by the account.

If we were to add any additional behavior that would allow Token access to be limited, would you prefer to set an allow list per available API function?
 
  • Like
Reactions: cPRex