The Single Sign On feature generates a temporary session to authenticate with cPanel & WHM. For example, this feature generates a temporary session whenever the
root user or a reseller uses the following methods to access a cPanel user's account:
- WHM's List Accounts interface (WHM >> Home >> Account Information >> List Accounts).
- WHM API 1's
Third-party applications with WHM access can use this feature to log in to cPanel accounts without the need to store their account passwords. The system automatically destroys the temporary session when it logs out or expires (sessions expire after 15 minutes of inactivity). This feature also creates temporary sessions when a cPanel user logs in to Webmail through the cPanel interface.
- We introduced this feature in cPanel & WHM version 11.40.
- API calls that use a method that includes a URL must use the correct port:
2082— Unsecure calls to cPanel's APIs.
2083— Secure calls to cPanel's APIs.
2086— Unsecure calls to WHM's APIs, or to cPanel's APIs via the WHM API.
2087— Secure calls to WHM's APIs, or to cPanel's APIs via the WHM API.
2095— Unsecure calls to cPanel's APIs via a Webmail session.
2096— Secure calls to cPanel's APIs via a Webmail session.
Function not founderrors if they use an incorrect port number.
- This document only includes cPanel & WHM authentication methods. For Manage2 authentication information, read our Guide to the Manage2 API documentation.
To use this method, perform the following steps:
- Call WHM API 1's
Send a GET request to the URL that the function returns as the
The session will not function until you send this request. The GET request to the login URL returns a cookie that must exist for subsequent API calls to authenticate successfully.
- Configure your script to use the temporary session ID and security token to access the account through either the API tokens or username and password methods.
Example Perl script
Example PHP script
The Single Sign On session log
Whenever the Single Sign On feature generates or destroys a temporary session, the system stores information to the Single Sign On session log:
The system logs the following types of entries:
NEW— The system logs a
NEWentry for each new temporary session.
PURGE— The system logs a
PURGEentry each time that it removes a temporary session.
NEW entries include the following information in a comma-separated list:
The session ID that the system created.
Unlike other log entry items, the session ID does not appear in
|A valid session ID.|
Click to view...
|The IP address that requested the session.||A valid IP address.|
|The application that created the session.||A valid application or service name.|
|The WHM account that created the session.||A valid WHM username.|
|The method through which the user created the session.|
|The path to the process that created the session.|
|Whether the session runs with another user's privileges (impersonation).|
PURGE entries include the session ID, and one of the following reason codes:
|The temporary session authentication failed.|
|The session expired.|
|The system stopped the session but did not provide a reason.|
|The creator logged in with a session token that the system destroyed when it created the new session.|
|The creator logged in successfully and the system created a new session.|
|The creator logged out.|
|WHM transferred the session to cPanel.|
|cPanel transferred the session to Webmail.|
|cPanel transferred the session to WHM.|