Problem with permissions for showbw API call



  • cPRex Jurassic Moderator

    Hey there! I set up a test environment to perform this work and I wasn't able to reproduce the issue. I did make sure to only include the "Initial Privileges" and "Account Information" boxes in the token so it was properly limited.

    I used the curl option for simpler testing than using it inside a script of some sort, with this code:

    curl -H 'Authorization: whm root:TOKENGOESHERE' ''

    and got the following result I expected:

    {"data":{"reseller":"root","acct":[{"owner":"root","totalbytes":619359201,"bwlimited":0,"bwusage":[{"deleted":0,"usage":"618748202","domain":""}],"deleted":0,"limit":"unlimited","reseller":0,"user":"username","maindomain":""},{"bwusage":[{"domain":"","deleted":0,"usage":"1200463337"}],"deleted":0,"totalbytes":1200463337,"owner":"root","bwlimited":0,"limit":"unlimited","user":"username","maindomain":"","reseller":0},{"limit":"unlimited","reseller":0,"maindomain":"","user":"username","bwlimited":0,"owner":"root","totalbytes":10822414,"bwusage":[{"domain":"","usage":0,"deleted":1},{"usage":"10260646","deleted":0,"domain":""},{"deleted":1,"usage":"184916","domain":""},{"deleted":0,"usage":0,"domain":""},{"usage":"198651","deleted":0,"domain":""}],"deleted":0}],"totalused":"1830644952","month":2,"year":2024},"metadata":{"reason":"OK","command":"showbw","result":1,"version":1}}[root@10-2-35-26 ~]# 

    If you'd like to create a ticket we could do some more testing directly in your environment to see if we could reproduce this on your machine.

  • Patrick Mallison

    Thanks for taking the time to try and recreate the problem. I am using a PHP script but took your advice to keep it simple with curl, but still got an empty result.


    However, seeing that result on the command line rather than buried in my script, the word 'reseller' jumped out at me. I realised that all the accounts in my servers are owned by reseller accounts rather than root. I changed the ownership of some accounts and the API worked.

    Not sure I agree with the logic that prevents a root account getting to this data but luckily I'm able to log in to the API with each of the reseller accounts so I can achieve my objective with the API.

    Many thanks for your help.

  • cPRex Jurassic Moderator

    I'm glad I could help point you in the right direction, at least!  Are you saying the call did not work on an account owned by a reseller?

  • Patrick Mallison

    That's right, not when the call is made with a root-owned token.   It does work with a token generated by the reseller though.
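
Added example, not part of the thread and not cPanel code: one way to combine the `showbw` responses collected with root's token and with each reseller's token into a single per-owner report, since each call in this thread only returned accounts for the token's own owner. The sample responses, the user and owner names, and the function name `merge_showbw` are constructed for illustration; treating an empty `acct` list as the "empty result" is an assumption.

```python
import json

# Constructed sample responses in the shape of the showbw output quoted above.
# User names, owners and byte counts are made up for illustration.
ROOT_TOKEN_RESPONSE = json.dumps({
    "data": {"reseller": "root", "acct": [
        {"user": "alice", "owner": "root", "totalbytes": 619359201,
         "bwusage": [{"domain": "", "usage": "618748202", "deleted": 0}]},
    ]},
    "metadata": {"command": "showbw", "result": 1, "reason": "OK", "version": 1},
})
RESELLER_TOKEN_RESPONSE = json.dumps({
    "data": {"reseller": "resell1", "acct": [
        {"user": "bob", "owner": "resell1", "totalbytes": 10822414,
         "bwusage": [{"domain": "", "usage": 0, "deleted": 1},
                     {"domain": "", "usage": "10260646", "deleted": 0},
                     {"domain": "", "usage": "184916", "deleted": 1}]},
    ]},
    "metadata": {"command": "showbw", "result": 1, "reason": "OK", "version": 1},
})


def merge_showbw(raw_responses):
    """Merge showbw responses fetched with different tokens into one report."""
    accounts, empty_for = {}, []
    for raw in raw_responses:
        doc = json.loads(raw)
        meta = doc.get("metadata", {})
        if meta.get("command") != "showbw" or meta.get("result") != 1:
            raise ValueError(f"showbw call failed: {meta.get('reason')!r}")
        data = doc.get("data") or {}
        accts = data.get("acct") or []
        if not accts:
            # Assumed shape of the "empty result" symptom: no accounts listed.
            empty_for.append(data.get("reseller"))
        for acct in accts:
            # "usage" arrives as a string or as the integer 0, so normalise it.
            live = sum(int(d["usage"]) for d in acct.get("bwusage", [])
                       if not d.get("deleted"))
            accounts[acct["user"]] = {"owner": acct["owner"],
                                      "totalbytes": int(acct["totalbytes"]),
                                      "live_bytes": live}
    by_owner = {}
    for info in accounts.values():
        by_owner[info["owner"]] = by_owner.get(info["owner"], 0) + info["totalbytes"]
    return {"accounts": accounts, "by_owner": by_owner, "empty_for": empty_for}
```

An entry in `empty_for` names a token whose call succeeded but listed no accounts, which is the cue to check account ownership as described above.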


