The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

XML-API is any of these possible?

Discussion in 'cPanel Developers' started by neo4242002, Mar 15, 2008.

  1. neo4242002

    neo4242002 Well-Known Member

    Joined:
    Jun 28, 2005
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    16
    I have a client own 16 cPanel servers (and growing). The client has a dedicate developer team who build some web applications for his customers. He needs a solution where he doesn’t want to share cPanel main password with developer team. But developer team still need to give access to MySQL functions (like, create, delete and change user privilege) , cPanel phpmyadmin interface , access to “public_html” via FTP (this we can do easily) and change cPanel main password from another interface when he needs.

    I was thinking to develop a new application interface using cPanel XML-API for his needs. But these are my questions.

    A) Is there way cPanel can have another cPanel user account with less privilege to access Panel resources? In my case “developer” user but only has access to MySQL and FTP.

    B) Is there any API to reset cPanel main password?

    C) Do I need to use any “Access Key” (like WHM key) with XML- API?

    D) What will be my cPanel API URL looks like for www.myclient.tld? (for particular function)

    E) Is it possible to access cPanel version of phpmyadmin interface from our application? Or is there way to access cPanel database from our own instance of phpmyadmin?

    F) If we able to develop this kind of application, do we have to install it on every cPanel server this client own? or can we access all his cPanel servers remotely from one server?

    I really don’t want to disappoint this client; any cPanel stuff support would be really appreciated on this regard. (Even undocumented API, please PM me.)
     
  2. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    I assume by "cPanel main password" you actually mean the server's root password. In that case, you can setup additional root-level reseller accounts that the developers can use, so the root password isn't known by the developers. This will also grant the developers full access to cPanel/WHM but not the server itself (by default).

    You can change cPanel account passwords, but changing the root password is not something I believe the API can do at this time.

    The developers can use the access key/hash from their own WHM account in the XML-API.

    cPanel API1 and API2 are not XML-based/URL-based APIs. They are a series of modules::functions you can call.

    Many individuals use their own phpMyAdmin instances to administer their cPanel databases. Just be very careful regarding security if you choose this route.

    You can create one central script to access all your cPanel/WHM servers. However, note that the access key will likely be different for each server.

    There are many undocumented APIs at the moment (not so much with the XML-API as API1 and API2). Since the X3 theme is based off these undocumented APIs, determining how to use the APIs really is simply a matter of looking at the APIs the X3 theme calls to perform its tasks. You can find the files for the X3 theme in /usr/local/cpanel/base/frontend/x3.
     
  3. neo4242002

    neo4242002 Well-Known Member

    Joined:
    Jun 28, 2005
    Messages:
    119
    Likes Received:
    0
    Trophy Points:
    16
    David, Thank you very much for the answers to all my questions.:)

    No I meant to say, cPanel password on each domain. Ex: mydomain.tld/cpanel . So what is the API for change cPanel password and any tutorial links will be appreciated. (cPanel forum now too big to search something ;)

    Okay Great!, So any sample how to use access key/hash in my php scripts? Also I guess key/ hash only need to WHM API and no need for cPanel API call?

    Well... its confusing me :(. So why do you call XML-API in your documentation? Also how do I call local modules or functions remotely through my PHP scripts? ex: mydomain.tld in server A and my new interface host in server B. If it was just a URL I could have just call something like this...

    PHP:
    http://username:password@mydomain.tld:2082/xml-api/funtionname&para1=value&para2=value
    I thought this is how I call cPanle XML-API from my scripts. please correct me or direct me to a proper sample code URL

    If I have no way to access cPanel phpmyadmin instance outside the cPanel, then I mostly need to use this method. Do you have specific URLs regarding these security issues?
     
  4. cPanelDavidG

    cPanelDavidG Technical Product Specialist

    Joined:
    Nov 29, 2006
    Messages:
    11,279
    Likes Received:
    8
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Actually, there is an XML-API function for that:

    http://www.cpanel.net/plugins/xmlapi/passwd.html

    Code sample at: http://forums.cpanel.net/showpost.php?p=322538&postcount=6

    You will need to call cPanel APIs (API1 and API2) via the XML-API if you are not building a Plug-in. The WHM API, also known as cPanel::Accounting, is antiquated (though still supported) and has been essentially replaced by the XML-API.

    There is a significant difference in syntax between API2 and XML-API. Just look at the documentation yourself:

    http://www.cPanel.net/plugins/devel

    API2 can be called from the XML-API. This is done so programs that aren't cPanel plugins (embedded in cPanel) can call API2 functions as well.

    Note, XML-API calls must be routed through the WHM ports, not the cPanel ports :)2086, :2087). The XML-API requires a minimum of reseller access. Even then, you are limited to the privileges of your account.

    The issue is so obvious, I doubt there's any documentation. Letting anyone edit your databases without needing to enter any passwords is a very bad idea. At the very least, one should protect it with .htaccess.
     
Loading...

Share This Page