Child pages
  • Manage API Tokens in WHM
For cPanel & WHM version 80.

Skip to end of metadata
Go to start of metadata

(WHM >> Home >> Development >> Manage API Tokens)


The Manage API Tokens interface allows you to create, list, update, and revoke API tokens. This interface also allows you to assign Access Control List (ACL) privileges to API tokens.

You can use an API token to authenticate with WHM’s remote API. This is useful, for example, to allow a reseller or third-party developer to run API function calls with your account's data. 


  • The ability to assign privilege restrictions to API tokens is experimental and may change in future versions.

  • Currently, you can only use API tokens with the following features:
  • You cannot create an API token for a suspended account.


  • If you change a cPanel account's username in WHM's Modify an Account interface (WHM >> Home >> Accounts >> Modify an Account), any API tokens associated with that account will continue to function.
  • If you delete a cPanel account, the system automatically revokes the account's API tokens.

The API Tokens table

The API Tokens table contains the following information:

NameThe API token's name.
CreatedThe time that you created the API token, in the MM DD YYYY hh:mm:ss format.
  • Edit — Edit the API token.
  • Revoke — Revoke the API token.

To search for an API token, enter a term in the Search text box. The interface automatically filters the API token names as you type.

To refresh the API tokens list, click the gear icon () next to the Actions column heading and click Refresh List.

Create an API token

To create an API token, perform the following steps:

  1. Click Generate Token. The Generate API Token form will appear.
  2. Enter a name for the API token in the Name text box.


    An API token name can only contain up to 50 alphanumeric characters, dashes (-), and underscores (_).

  3. Under the Privileges heading, deselect the checkbox for each privilege that you do not wish to assign to the token. 

    For more information about privileges, read our Edit Reseller Nameservers and Privileges documentation.


    • You must assign at least one ACL privilege to the token.
    • Only the privileges that the user possesses will appear under the Privileges heading.


    • The Change Password privilege allows an API token user to change account passwords and log in with a new password.
    • The Create User Session and Manage API Tokens privileges allow an API token user to bypass any restrictions that you set on the API token.
  4. Click Generate. The new API token hash and its name will appear. 


    Make certain that you save your API token in a safe location on your workstation so you can use it with other features. You cannot access the token after you navigate away from the interface or refresh the API Tokens table.

  5. Click Yes, I saved my token. The new API token and its creation time will appear in the API Tokens list.


    For information about how to use the API token with API calls, read our Guide to API Authentication - API Tokens in WHM documentation.

Edit an API token

To edit an API token, perform the following steps:

  1. Locate the API token that you want to edit in the API Tokens list.
  2. Under the Actions column, click Edit. The Edit API Token form will appear.
  3. Change the API token's name, ACL privileges, or both, and click Save. A success message will appear in the upper-right corner of the interface.


    You must assign at least one ACL privilege to the token.

Revoke an API token

To revoke an API token, perform the following steps:


If you revoke an API token, any script or account that uses that API token will no longer function.

  1. Locate the API token that you want to revoke in the API Tokens list.
  2. Under the Actions column, click Revoke. A confirmation message will appear.
  3. Click Continue to revoke the token. A success message will appear in the upper-right corner of the interface.

To revoke all of your account's API tokens, click the gear icon () and click Revoke All.

Additional Documentation