Introduction

The Manage API Tokens tool in cPanel allows you to generate secure, restricted-access tokens that can be used to authenticate API requests. Instead of using your root or account password, API tokens provide a safer and more flexible way to grant third-party tools, scripts, or apps access to cPanel functionality — with precise control over what each token can do.

This article explains how to generate, configure, and manage API tokens in cPanel.

Why Use API Tokens?

API Tokens help you:

  • Avoid sharing your actual cPanel password

  • Securely automate hosting tasks (like creating email accounts, managing domains, etc.)

  • Grant limited access to specific users, scripts, or software

  • Revoke access at any time without affecting your account login

  • Maintain better logging and audit trails

How to Access API Token Management

  1. Log in to your cPanel account

  2. Scroll down to the Security section

  3. Click on Manage API Tokens

How to Create a New API Token

  1. Click the "Create" button at the top right

  2. Enter a descriptive name for the token (e.g., “backup_script” or “email_bot”)

  3. (Optional) Set an expiration date to automatically deactivate the token later

  4. Under Permissions, choose:

    • Full Access – Grants access to all API functions

    • Restricted Access – Allows you to select only the specific features or modules the token can access

      • You can limit access to files, emails, DNS, databases, etc.

  5. Click Create

cPanel will generate a token string — copy and save it immediately, as it won’t be shown again.

How to Use the API Token

The token can be used in API requests by setting it in the HTTP headers:

h
CopyEdit
Authorization: cpanel username:API_token

Or for WHM-compatible tools:

http
CopyEdit
Authorization: whm username:API_token

This enables secure access to cPanel’s UAPI or cPanel API 2 interfaces for automation or integration with hosting management platforms.

Managing Existing Tokens

In the Manage API Tokens interface:

  • View a list of all active tokens, their creation date, and permissions

  • Revoke tokens instantly to terminate access

  • Edit token descriptions or regenerate them if compromised

Best Practices

  • Use restricted permissions — only grant access to what's necessary

  • Set expiration dates for short-term integrations or testing

  • Label tokens clearly based on their use or integration

  • Revoke tokens when no longer needed or if compromised

  • Avoid giving multiple tools the same token — create a separate one for each

Security Notes

  • Keep tokens private and secure — they work like passwords for APIs

  • Use HTTPS for all API calls to prevent interception

  • If you lose a token, revoke it and generate a new one

Conclusion

The Manage API Tokens tool in cPanel is a modern, secure way to allow programmatic access to your hosting account. Whether you're building custom scripts, integrating third-party apps, or automating tasks, API tokens ensure you do so safely, with full control over permissions and access.

Was this answer helpful? 0 Users Found This Useful (0 Votes)

Most Popular Articles

How to Install Let’s Encrypt SSL in cPanel

Introduction Let’s Encrypt is a free, automated, and trusted certificate authority (CA) that...
How to Manage SSL/TLS in cPanel

Introduction The SSL/TLS interface in cPanel allows you to manage Secure Sockets Layer (SSL)...
How to Set Up Two-Factor Authentication (2FA) in cPanel

Introduction Two-Factor Authentication (2FA) is a security feature that adds an extra layer of...
How to Use Hotlink Protection in cPanel

Introduction Hotlink Protection in cPanel is a tool that prevents other websites from directly...
How to Use Leech Protection in cPanel

Introduction Leech Protection in cPanel helps secure password-protected directories from...