Where are failed logs stored for invalid API token connection attempts?


Well-Known Member
Mar 25, 2002
Hi All,

I'm experimenting with a cURL API token connection attempt from my local Windows PC to one of our WHM servers.

I can see successful connections being logged here, no problem.


But when I deliberately make an invalid attempt (e.g. I change the API token to an invalid one), this does NOT get logged to the api_tokens_log.

Which suggests either:

1. We need to enable some sort of extended/enhanced logging for api_tokens_log to also show failed connection attempts, or
2. I'm looking in the wrong log file.

Either way, what I really hope to achieve is logging that gives clarity to the REASON why the connection attempt is unsuccessful. This is to help us debug some remote software that used to successfully connect to one of our WHM servers, but stopped for reasons unknown.

Last edited by a moderator:


Feb 16, 2023
cPanel Access Level
Root Administrator
There's a few other logs you can see API login failures in, which one you read really depends on what format you think is easier to work with/gives you the data you want.

Access Log:
Located at /usr/local/cpanel/logs/access_log. In the case of local API usage, the log line would look something like
Code: - root [08/12/2023:00:04:07 -0000] "GET /json-api/version HTTP/1.1" 403 0 "-" "-" "a" "-" 2087
Login Log:
Located at /usr/local/cpanel/logs/login_log. Entries look something like:
[2023-04-10 05:01:21 +0000] info [whostmgrd] - root "POST /json-api/version HTTP/1.1" FAILED LOGIN whostmgrd: login attempt to WHM with bad accesshash or API token
These examples were taken from a testing host I have had up, so it had plenty of good examples for me to choose from. Based on your requirements, I'd suspect you want to check the login_log.

Hope this helps!