Introduction
cPanel provides a way to limit Reseller accounts and API tokens so that the user of the reseller account or API token can only make use of certain API commands or features in WHM.
To determine which permissions a given API endpoint or WHM feature requires, review the available permissions, remove all that do not appear to be related, and then test the user or API token to verify that the resulting permission set achieves your desired outcome.
To Limit API Tokens
1. Log in to WHM as the root user
2. Navigate to: Home » Development » Manage API Tokens
3. Click the blue "Generate Token" button
4. Enter a name for your token
5. Uncheck all of the options to remove all access
6. Only enable the specific permissions that seem most related to the function that you want to allow
7. Click the blue Save button
8. Copy the resulting token and use it in your API call to see if the permissions you selected worked
9. If the API call failed with a permissions error, you can log back into WHM and go back to the Manage API Tokens interface, click on the Edit button for that token, and adjust the permissions until you get the right combination.
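The test in steps 8 and 9 can be scripted so that it checks both that the calls you need succeed and that calls you did not intend to grant are refused. This is an added example, not cPanel's own code. It assumes the token is sent in WHM's `Authorization: whm user:token` header on port 2087; the function names, the sample replies and the wording matched as a permissions error are constructed for illustration and should be adjusted to what your server returns.

```python
import json
import urllib.error
import urllib.request

# Assumed wording of a permissions failure; adjust to your server's replies.
DENY_WORDS = ("permission", "access denied", "privilege")

def classify(status, body):
    """Map one WHM API 1 reply to 'allowed', 'denied' or 'error'."""
    if status in (401, 403):
        return "denied"
    try:
        meta = json.loads(body)["metadata"]
    except (ValueError, KeyError, TypeError):
        return "error"
    if meta.get("result") == 1:
        return "allowed"
    reason = str(meta.get("reason", "")).lower()
    # A failure for any other reason (bad arguments, etc.) is not a denial.
    return "denied" if any(w in reason for w in DENY_WORDS) else "error"

def call(host, user, token, function):
    """Issue one token-authenticated WHM API 1 call; return (status, body)."""
    req = urllib.request.Request(
        f"https://{host}:2087/json-api/{function}?api.version=1",
        headers={"Authorization": f"whm {user}:{token}"})
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as exc:
        return exc.code, exc.read().decode()

def audit(outcomes, must_allow, must_deny):
    """List every call whose observed outcome differs from the intent."""
    findings = []
    for fn in must_allow:
        if outcomes.get(fn) != "allowed":
            findings.append((fn, "needed but " + outcomes.get(fn, "untested")))
    for fn in must_deny:
        if outcomes.get(fn) != "denied":
            findings.append((fn, "should be denied but " + outcomes.get(fn, "untested")))
    return findings

# Constructed sample replies, so the logic can be run without a server.
SAMPLE = {"listaccts": (200, '{"metadata":{"result":1,"reason":"OK"}}'),
          "createacct": (200, '{"metadata":{"result":1,"reason":"OK"}}'),
          "version": (403, "{}")}

def demo():
    outcomes = {fn: classify(*reply) for fn, reply in SAMPLE.items()}
    return audit(outcomes, ["listaccts"], ["createacct", "version"])
```

Against a live server, build `outcomes` from `classify(*call(host, user, token, fn))` for each function and edit the token's permissions until `audit` returns an empty list.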
To Limit Reseller Accounts
1. Log in to WHM as the root user
2. Navigate to: Home » Resellers » Edit Reseller Nameservers and Privileges
3. Select your reseller user (If you only have one, this step is skipped automatically for you)
4. Under the "Feature Limits (ACL Lists)" section, remove all permissions
5. Add only the permissions that the reseller should need
6. Optionally, save your permission selections as an ACL that can be reused later with: Save selections as a new ACL list
7. Scroll to the bottom and click "Save All Settings"
8. Log in to WHM as the reseller user that you just modified and test the features to see if the limits are sufficient
9. If they are not sufficient, log in to WHM as the root user again and update the permissions until you get your desired outcome