This documentation is for cPanel & WHM version 70 CURRENT builds. The "RELEASE" version of our documentation can be found in the Version 68 Documentation space.
(WHM >> Home >> Development >> Manage API Tokens)
The Manage API Tokens interface allows you to create, list, update, and revoke API tokens. This interface also allows you to assign Access Control List (ACL) privileges to API tokens.
API tokens allow you to log in to the server without the need for a password. You can use an API token to authenticate with WHM’s remote API. This is useful, for example, to allow a reseller or third-party developer to run API function calls with your account's data.
- If you change a cPanel account's username in WHM's Modify an Account interface (WHM >> Home >> Accounts >> Modify an Account), any API tokens associated with that account will continue to function.
- If you delete a cPanel account, the system automatically revokes the account's API tokens.
The API Tokens table
The API Tokens table contains the following information:
|Name||The API token's name.|
|Created||The time that you created the API token, in the |
To search for an API token, enter a term in the Search text box. The interface automatically filters the API token names as you type.
To refresh the API tokens list, click the gear icon () next to the Actions column heading and click Refresh List.
Create an API token
To create an API token, perform the following steps:
- Click Generate Token. The Generate API Token form will appear.
Enter a name for the API token in the Name text box.
An API token name can only contain up to 50 alphanumeric characters, dashes (
-), and underscores (
Under the Privileges heading, deselect the checkbox for each privilege that you do not wish to assign to the token.
For more information about privileges, read our Edit Reseller Nameservers and Privileges documentation.
- You must assign at least one ACL privilege to the token.
Only the privileges that the user possesses will appear under the Privileges heading.
- The Change Password privilege allows an API token user to change account passwords and log in with a new password.
- The Create User Session and Manage API Tokens privileges allow an API token user to bypass any restrictions that you set on the API token.
Click Generate. The new API token hash and its name will appear.
Make certain that you save your API token in a safe location on your workstation. You cannot access the token after you navigate away from the interface or refresh the API Tokens table.
Click Yes, I saved my token. The new API token and its creation time will appear in the API Tokens list.
Edit an API token
To edit an API token, perform the following steps:
- Locate the API token that you want to edit in the API Tokens list.
- Under the Actions column, click Edit. The Edit API Token form will appear.
Change the API token's name, ACL privileges, or both, and click Save. A success message will appear in the upper-right corner of the interface.
You must assign at least one ACL privilege to the token.
Revoke an API token
To revoke an API token, perform the following steps:
If you revoke an API token, any script or account that uses that API token will no longer function.
- Locate the API token that you want to revoke in the API Tokens list.
- Under the Actions column, click Revoke. A confirmation message will appear.
- Click Continue to revoke the token. A success message will appear in the upper-right corner of the interface.
To revoke all of your account's API tokens, click the gear icon () and click Revoke All.