How to Manage API Tokens in cPanel

Introduction

At Lanetti, we recognize the importance of managing your cPanel account securely and efficiently. API tokens are used to authenticate and interact with your cPanel account programmatically via third-party applications or scripts. By generating and managing API tokens, you can give external services the access they need without compromising your login credentials. This guide will help you create, manage, and revoke API tokens in cPanel.

What Are API Tokens?

API tokens are unique strings that allow external systems or applications to securely interact with your cPanel account. Unlike using your cPanel username and password, API tokens provide a more secure method for automated tasks, such as:

• Integrating with external apps like backups or billing systems.
• Automating website management tasks via scripts.
• Accessing cPanel features via API calls.

How to Create an API Token in cPanel

Step 1: Log in to Your cPanel

1. Open your browser and navigate to your cPanel login page (e.g., https://yourdomain.com/cpanel).
2. Enter your username and password, then click Log in.

Step 2: Access the API Tokens Tool

1. In the cPanel dashboard, locate the Security section.
2. Click on API Tokens.

Step 3: Generate a New API Token

1. In the API Tokens page, click Generate New Token.
2. Name the Token: Enter a descriptive name for the API token to help identify its purpose (e.g., "Backup Script Access").
3. Set Permissions:
   • Choose the permissions you want to grant the token. These permissions define the actions the API token can perform. You can set permissions for tasks such as managing files, accessing email settings, or managing databases.
   • For specific use cases, only grant the minimum required permissions to ensure security.
4. Click Generate Token.

Step 4: Copy the API Token

• Once the token is generated, copy the token and store it in a secure location. You will not be able to see the token again once you leave the page.
• Use this token for API authentication in external applications or scripts.

How to View, Manage, and Revoke API Tokens

View Existing API Tokens

1. On the API Tokens page, you will see a list of all generated tokens.
2. You can view the token name and associated permissions for each token.

Edit API Token Permissions

• To modify the permissions for an existing API token, click Edit next to the token.
• Adjust the permissions as needed and click Save.

Revoke an API Token

1. If you need to disable or remove an API token, click Revoke next to the token.
2. Once revoked, the token will no longer work for API authentication.

Security Considerations

• Limit Token Permissions: Always give API tokens the least amount of access necessary. For example, if the token is only needed for backup tasks, don’t grant access to email or database settings.
• Store Tokens Securely: Never share your API tokens in unsecured places. They should be treated like passwords.
• Revoking Unused Tokens: If you no longer need a token or suspect it has been compromised, revoke it immediately.

Use Case Examples for API Tokens

1. Backup Automation: Create an API token with permission to manage backups and use it in scripts to automate backups to remote servers.
2. Third-Party App Integration: Integrate with third-party services such as cloud storage or content delivery networks (CDNs) by providing API tokens for secure communication with cPanel.
3. Automating Email Management: Use an API token to automate the creation of email accounts or manage email filters via external applications.