WHM > Development > Manage API Tokens | Anyway to know what is active?

Sonny

August 26, 2022 12:10

I was replacing old DNSOnly servers and ran in to an issue - I added and deleted servers several times. After I finally had an end result I was happy with; I found a lot of reverse_trust_* entry in WHM > Development > Manage API Tokens I have several and I would like to revoke the tokens that are not really in use... Anyone know if there is a script or way to check the tokens for active and inactive status or a way to easily figure out what you can revoke without breaking everything? Thanks, Sonny

Comments

5 comments

cPRex Jurassic Moderator

August 26, 2022 19:20
Hey there! No, there's not a way to do that. The server doesn't necessarily "know" if they are being used or not, as they are just available. The connection is dynamic, so there isn't a certain process or ID that would show them as being in use. When the DNS system syncs, it uses the token as necessary.
0
Sonny

August 26, 2022 19:59
Seems like a security issue having a bunch of reverse_trust there.. I wonder why they don't generate the reverse trust with the name of the server issuing the trust And then away to identify last time it was used for access or something? I like removing stuff that don't need to be there and knowing why something is there.. I have like 15 entries about the same time frame so don't know what to safely delete.. Seems like something should log somewhere - what it uses to authenticate - where, Hmm..
0
PeteS

January 30, 2023 19:46
Hey there! No, there's not a way to do that. The server doesn't necessarily "know" if they are being used or not, as they are just available. The connection is dynamic, so there isn't a certain process or ID that would show them as being in use. When the DNS system syncs, it uses the token as necessary.

I found this... Access the token log and you can see token usage by IP: /usr/local/cpanel/logs/api_tokens_log # cat /usr/local/cpanel/logs/api_tokens_log | grep 'Host:.*],' -o | sort | uniq -d
0
cPRex Jurassic Moderator

January 30, 2023 20:15
Creating the tokens is discussed here: only use API tokens with the following features:
- DNS clusters
- so you already have to be using them for one of those three things. If you go to WHM >> Manage Tokens you can see the full list, and clicking "edit" will show you what permissions are assigned to that token. Reviewing those permissions *should* be enough to tell what the purpose of the token is to the server admin. Is that what you're looking to find out?
0
PeteS

January 30, 2023 20:45
Creating the tokens is discussed here: only use API tokens with the following features:

DNS clusters

so you already have to be using them for one of those three things. If you go to WHM >> Manage Tokens you can see the full list, and clicking "edit" will show you what permissions are assigned to that token. Reviewing those permissions *should* be enough to tell what the purpose of the token is to the server admin. Is that what you're looking to find out?
If you were replying to my post... Sorry, apparently I was editing while you were replying. I removed my comments about ways of figuring out the purpose of each token and by which server it is used, and posted my solution. I found another forum post (linked above) that has information which helped me sort it out via the CLI. To get which tokens are used by whom: # cat /usr/local/cpanel/logs/api_tokens_log | grep 'Host:.*],' -o | sort | uniq -d To get both the purpose and by whom: # cat /usr/local/cpanel/logs/api_tokens_log | grep 'Host:.*' -o | sort | uniq -d
0

Please sign in to leave a comment.

Comments

Didn't find what you were looking for?