What are recomended setting for Cpanel API

[vincent_g]

Cpanel has changed the API but WHMCS has not updated it's documentation not have they posted a update to the new API settings in WHM.
And this new API has a lot of settings that need to be checked in order to work with WHMCS.

So my question is what is the recommended settings for WHM?

We can give all which may not be so secure.
Everything works fine with that.

I'm sure giving everything is not needed so what is all that we need without having something in WHMCS error due to API setting not being checked off.

I think it's about time WHMCS puts out documentation for it.

[WHMCS ChrisD]

@vincent_g our documentation was updated some time ago to recommend the setting per https://docs.whmcs.com/CPanel/WHM#API_Token_Permissions

 

API Token Permissions

With API Tokens for cPanel/WHM, it is possible to restrict what actions an API Token can perform. For WHMCS to be able to perform all the operations it supports, the following permissions are required:

basic-whm-functions	basic-system-info	cpanel-api
create-acct	create-user-session	suspend-acct
upgrade-acct	kill-acct	passwd
acct-summary	list-accts	show-bandwidth
cpanel-integration	list-pkgs	ns-config
edit-mx	manage-api-tokens	ssl-gencrt

When using the Configurable Package Addon, the "edit-account" permission will need to be enabled. For reseller products, the "Everything" permission needs to be enabled as the reseller API functions on a cPanel server require root access to work.

 

[vincent_g]

You answer is outdated which is from the current documentation.
Have you seen the new API screens in WHM?

Account Summary acct-summary
Initial Privileges
Basic System Information basic-system-info
Basic WHM Functions basic-whm-functions
Allow CORS HTTP Requests cors-proxy-get
Perform cPanel API and UAPI functions through the WHM API cpanel-api
Manage cPanel Integration Links cpanel-integration
Create User Session create-user-session
Digest Authentication digest-auth
Generate Mobile Email Configurations generate-email-config
List Packages list-pkgs
Manage API Tokens manage-api-tokens
Manage DNS Records manage-dns-records
Manage OpenID Connect manage-oidc
Manage Styles manage-styles
MySQL Information mysql-info
Nameserver Configuration ns-config
Public Contact Information public-contact
SSL Information ssl-info
Account Information Standard Privileges
List Accounts list-accts
View Account Bandwidth Usage show-bandwidth
Account Management Standard Privileges
Create Accounts create-acct
Terminate Accounts kill-acct
Suspend/Unsuspend Accounts suspend-acct
Upgrade/Downgrade Accounts upgrade-account
SSL Site Management ssl
Purchase SSL Certificates ssl-buy
SSL CSR/Certificate Generator ssl-gencrt
Edit MX Entries edit-mx
Change Passwords passwd
File and Directory Restoration file-restore
DNS Standard Privileges
Add DNS Zones create-dns
Remove DNS Zones kill-dns
Park DNS Zones park-dns
Edit DNS Zones edit-dns
Packages Standard Privileges
Add/Remove Packages add-pkg
Edit Packages edit-pkg
Third-Party Services Standard Privileges
Manage Third-Party Services thirdparty
Troubleshooting Standard Privileges
Troubleshoot Mail Delivery mailcheck
cPanel Management Standard Privileges
News Modification news
Accounts Package Privileges
Allow Creation of Accounts with Shell Access allow-shell
Package Access Package Privileges
Use Root Packages viewglobalpackages Reseller-specific packages contain a “_” in their name, but root packages do not contain a “_”.
Package Creation Package Privileges
Create Packages with Addon Domains allow-addoncreate
Create Packages with Parked (Alias) Domains allow-parkedcreate
Create Packages with a Dedicated IP Address add-pkg-ip
Create Packages with Shell Access add-pkg-shell
Create Packages with Unlimited Features (for example, email accounts) allow-unlimited-pkgs
Create Packages with Custom Email Limits allow-emaillimits-pkgs
Create Packages with Unlimited Disk Usage allow-unlimited-disk-pkgs
Create Packages with Unlimited Bandwidth allow-unlimited-bw-pkgs
Third Party Services Additional Software
ConfigServer Security & Firewall (Reseller UI) software-ConfigServer-csf
Server Information Global Privileges
View Server Status status
View Server Information stats
Services Global Privileges
Restart Services restart
Troubleshooting Global Privileges
Resynchronize FTP Passwords resftp
Account Management Super Privileges
Account Modification edit-account
Bandwidth Limit Modification limit-bandwidth
Quota Modification quota
Set an Account to be a Demo Account demo-setup
Advanced Account Management Super Privileges
Rearrange Accounts rearrange-accts Use this to optimize disk usage across disk drives.
Clustering Super Privileges
DNS Clustering clustering
Locales Super Privileges
Modify & Create Locales locale-edit
Everything Root Access
All Features all
Track Email track-email

That is the features that you can enable or disable.

Please don't show me something that is outdated and tell me what is currently the settings recommended based on new API WHM has created.

 

 

[WHMCS ChrisD]

Yes, I have seen the API token screens @vincent_g and if you refer to the text in Red next to each line you will see the command names which is what we have noted in our documentation, however, the ones to have ticked for WHMCS are:

 

Initial Privileges

• Basic WHM Functions basic-whm-functions 
• Account Summary acct-summary
• Manage cPanel Integration Links cpanel-integration
• Basic System Information basic-system-info
• Create User Session create-user-session
• List Packages list-pkgs
• Manage API Tokens manage-api-token
• Perform cPanel API and UAPI functions through the WHM API cpanel-api
• Nameserver Configuration ns-config

Account Management

 

• Create Accounts create-acct
• Upgrade/Downgrade Accounts upgrade-account
• Edit MX Entries edit-mx
• Terminate Accounts kill-acct
• Suspend/Unsuspend Accounts suspend-acct
• Change Passwords passwd
• SSL CSR/Certificate Generator ssl-gencrt

 

Account Information

• List Accounts list-accts
• View Account Bandwidth Usage show-bandwidth

At this stage that should be everything you require enabled, I will let you know should there need to be any other ones added

[Shivansh]

 This is must for Automation, We also enable all permission to cpanel API for whmcs because whmcs is trusted and better Software to manage our billing and automation

<removed duplicated content>

[MelanieS]

I have found that if I follow the guidelines as mentioned above, what happens for my customers is that after placing an order and checking out - the button keeps on spinning and in WHMCS if I manually accept an order - I get an Oops error. In fact my whole WHMCS appears then to be frozen, so there must be more permissions that need to be set than just those as mentioned above.

[steven99]

What is the actual error in the oops error?  If you enable WHMCS admin -> Setup menu -> General Settings -> Other tab -> Display Errors, it will show you the actual error.  Finding out the actual error could help to determine what permission is needed for example.