Skip to main content

Migration to API Token

shazde
Hi, We have some plugins that use .accesshash file to authenticate as a user and make API calls. The way this works is that if there is no .accesshash file in the user home directory we generate the file and then use the content to authenticate against WHM. Unfortunately with whm 66 there .accesshash is now disabled and we have to use API Tokens. I have checked all the documentation and it seems the only way to generate API token is to do that manually which is not helpful at all. How can we generate API tokens on our WHM server for each one of the users automatically ?

Comments

7 comments

Date Votes
  • Travis
    Hello Shazde, We deprecated Access Hashes because they had some security concerns we wanted to address. You can generate an API Token through the API using the create api_token_create call: WHM API 1 Functions - api_token_create - Software Development Kit - cPanel Documentation A few big differences between the Access Hash system and the API Token are: [LIST]
  • Keys are no longer stored in plaintext
  • Keys are no longer stored in the users home directory
  • When a key is created the key is displayed just once. After which is stored in a nonreversible encrypted format. You will be unable to see the key again, so please store it somewhere safe.
  • As of cPanel & WHM version 68, keys can be created with limited permissions (Manage API Tokens - Version 68 Documentation - cPanel Documentation) I hope this helps solve your issues. Please feel free to let me know if you need additional help!
    • 0
  • shazde
    Hi Travis, Thank you for your response. I have already checked that API and I do not think that does the job that we need unless I am missing something. With that API call we can create token for another user if we are already logged/authenticated as that user. What we need is a way for root user (which can already have its token setup manually) to create token for other users and then use those tokens to make API call as those users. Unless there is a way to pass username to that api call which is not documented, I do not see how that can help. Can you please suggest a way to achieve our objective (which I assume is needed for any serious whm development)
    0
  • cPanelMichael
    What we need is a way for root user (which can already have its token setup manually) to create token for other users and then use those tokens to make API call as those users.

    Hi @shazde, If i understand correctly, you'd like to first authenticate as "root" to create an API token for another user. To do this, you'd simply use the following WHM API 1 function while authenticated as the "root" user: Keep in mind that you can only use API tokens with the following features at this time: WHM API functions DNS Clusters Configuration Clusters Thus, you can't authenticate with API tokens for the purpose of using UAPI or cPanel API 2 functions at this time, if that's your intention. Thank you.
    0
  • shazde
    Hi @cPanelMichael, Unfortunately that doesn't do the work. When I run
    whmapi1 api_token_create token_name=subway
    I get a token that is only valid for root and I can only use it to make calls as root. Making API calls with that token and changing the username the way it is suggested in that link does not work and get rejected.
    0
  • cPanelMichael
    Hello, Upon testing, it's true the "whmapi1 api_token_create" WHM API 1 command is only usable by the "root" user, and thus you can't use this WHM API 1 function to create an API token for a reseller user. You'd need to access WHM as the reseller user and browse to "WHM Home " Development " Manage API Tokens" to create an API token for a reseller. I recommend opening a feature request for the ability to create API tokens via the command line as non-root users if that's the functionality you are seeking: Submit A Feature Request Thank you.
    0
  • luissquall
    Hi, For anyone looking into this issue, someone open a feature request to add an username parameter to `api_token_create`: root to be able to manage all user's tokens with api_token functions
    0
  • shazde
    Unfortunately because of this cPanel API is no longer capable of doing most our automation needs and we had to stop upgrading cpanel versions. This is a very serious issue that an option get deprecated and yet no alternative is provided.
    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post