WHM > Development > Manage API Tokens | Anyway to know what is active?

[Sonny]

I was replacing old DNSOnly servers and ran in to an issue - I added and deleted servers several times.

After I finally had an end result I was happy with; I found a lot of reverse_trust_* entry in WHM > Development > Manage API Tokens

I have several and I would like to revoke the tokens that are not really in use...

Anyone know if there is a script or way to check the tokens for active and inactive status or a way to easily figure out what you can revoke without breaking everything?

Thanks,
Sonny

 

[cPRex]

Hey there! No, there's not a way to do that. The server doesn't necessarily "know" if they are being used or not, as they are just available. The connection is dynamic, so there isn't a certain process or ID that would show them as being in use. When the DNS system syncs, it uses the token as necessary.

 

[Sonny]

Seems like a security issue having a bunch of reverse_trust there..

I wonder why they don't generate the reverse trust with the name of the server issuing the trust

And then away to identify last time it was used for access or something?

I like removing stuff that don't need to be there and knowing why something is there..

I have like 15 entries about the same time frame so don't know what to safely delete..

Seems like something should log somewhere - what it uses to authenticate - where,

Hmm..

 

[PeteS]

Hey there! No, there's not a way to do that. The server doesn't necessarily "know" if they are being used or not, as they are just available. The connection is dynamic, so there isn't a certain process or ID that would show them as being in use. When the DNS system syncs, it uses the token as necessary.

I found this... Is there a way to see a summary table of API Token privledges in WHM?

Access the token log and you can see token usage by IP: /usr/local/cpanel/logs/api_tokens_log

# cat /usr/local/cpanel/logs/api_tokens_log | grep 'Host:.*],' -o | sort | uniq -d

 

[cPRex]

Creating the tokens is discussed here:

Manage API Tokens in WHM | cPanel & WHM Documentation

This interface lets you to create, list, update, and revoke API tokens.

docs.cpanel.net

In the note box there, we say this:

"Currently, you can only use API tokens with the following features:

• WHM API functions
• DNS clusters
• Configuration clusters"

so you already have to be using them for one of those three things. If you go to WHM >> Manage Tokens you can see the full list, and clicking "edit" will show you what permissions are assigned to that token. Reviewing those permissions *should* be enough to tell what the purpose of the token is to the server admin.

Is that what you're looking to find out?

 

[PeteS]

Creating the tokens is discussed here:

Manage API Tokens in WHM | cPanel & WHM Documentation

This interface lets you to create, list, update, and revoke API tokens.

docs.cpanel.net

In the note box there, we say this:

"Currently, you can only use API tokens with the following features:

• WHM API functions
• DNS clusters
• Configuration clusters"

so you already have to be using them for one of those three things. If you go to WHM >> Manage Tokens you can see the full list, and clicking "edit" will show you what permissions are assigned to that token. Reviewing those permissions *should* be enough to tell what the purpose of the token is to the server admin.

Is that what you're looking to find out?

If you were replying to my post... Sorry, apparently I was editing while you were replying.

I removed my comments about ways of figuring out the purpose of each token and by which server it is used, and posted my solution. I found another forum post (linked above) that has information which helped me sort it out via the CLI.

To get which tokens are used by whom:
# cat /usr/local/cpanel/logs/api_tokens_log | grep 'Host:.*],' -o | sort | uniq -d

To get both the purpose and by whom:
# cat /usr/local/cpanel/logs/api_tokens_log | grep 'Host:.*' -o | sort | uniq -d