Setting up and using API Tokens in cPanel

cPanel Tutorials and How To Guides

Tips and tricks that will make managing your website easier

API tokens

Updated: January 3, 2025
By: RSH Web Editorial Staff

Contact Us


Menu

cPanel - Security - Manage API Tokens

API Tokens
This feature lets you create, list, update, and revoke API Tokens. This functionality is experimental and may change.

YouTube Video Tutorials - cPanel Manage API Tokens

The "cPanel Manage API Tokens" YouTube video tutorials explain how to create and manage API tokens within cPanel. Viewers learn to generate tokens for secure, programmatic access to their hosting account, enhancing automation and integration with third-party applications. This essential skill streamlines workflows and improves overall management efficiency.

You can issue API Tokens to allow others to run API functions with your account’s data.

For example, you could issue an API token to a reseller. The reseller could use that token to check disk usage.

IP Blocker

Note: API tokens run UAPI functions and cPanel API 2 functions, not cPanel API 1 functions.
Use API tokens to run API functions from the command line. For more information, read cPanels How to Use cPanel API Tokens documentation.
For more information about using API functions, read our Quickstart Development Guide documentation.

Create an API token

To create an API token, perform the following steps:

1) Click Create. The Create API Token interface will appear.

2) Enter a unique name in the API Token Name text box.

Note: An API token name can only contain up to 50 characters.
You can only enter letters (a - z and A - Z), numbers (0 - 9), dashes ( - ), and underscores ( _ ).

3) Select one of the following options from the Should the API Token Expire? section:
The API Token will not expire. - This will create a token that does not have an expiration date.
Specify an expiration date. - This allows you to create a token that expires on a specific date. By default, tokens expire one year from the current date. When you select this option, the interface displays the API Token Expiration Date section. Use the the calendar icon (Calendar) to open a calendar to select a desired expiration date. You can also enter a custom date in the calendar text box, in YYYY-MM-DD format. The token will expire on the date you select at 23:59:59, server time.

Important: You cannot edit an API token expiration date after creation.
When an API token expires, the system will not remove it. You must manually delete an API token.

4) Click Create. A new interface will appear.

5) To copy the API token, click Copy. Think of this token like a password. You must enter this token each time that you use it.

Warning: You cannot access the token after you navigate away from the interface. If you forget or misplace this token, you must revoke the token and then create a new one.

6) Click Yes, I Saved My Token.

To create a new token, select the Create another token after I click Yes, I saved my token checkbox.

To return to the List API Tokens interface, deselect the Create another token after I click Yes, I saved my token checkbox.

The API tokens table

This table displays all of your API tokens. You can perform the following functions:

To display more API tokens per page, click the gear icon (Gear) and then select a number.

To revoke multiple tokens:

1) Select the checkboxes for each token to revoke. Select the checkbox at the top of the table to select every token.

2) Click Revoke. A confirmation message will appear.

3) Click Revoke Selected API Tokens.

The API tokens table contains the following information:
Token Name - The API token’s name.
Created - The date and time that you created the API token.
Expires - If an API token expires, the date and time on which the token will expire:
When an API token will soon expire, the interface displays its entry row in yellow. It also displays a notice icon (Notice).
The interface displays expired API token entry rows in red. It also displays a notice icon (Notice).

When API tokens expire, the system does not remove them. You must manually delete expired API tokens.
Manage - Click Manage to open a new interface where you can perform the following actions:
Rename Token - Assign a new name for the token.
Revoke the Token - Delete the token, and prevent it from accessing the server or any API functions.

Manage an API token

To manage an API token, locate the token in the API Tokens table and then click Manage. The Manage API Token interface will appear.

Rename Token

To assign a new name for the token, enter a new name in the New API Token Name text box. Then click Update.

Revoke the Token

Warning: If you revoke an API token, users will not be able to run any scripts or API functions using that token.

To revoke an API token:

1) Click Revoke. A confirmation message will appear.

2) Click Yes, Revoke the Token to revoke the token.

Note: To remove an API token on the command line, use the UAPI Tokens::revoke function.

Related cPanel Tutorials and How To Guides
A beginners guide to cPanel Step by step tutorials

Tweet  Share  Pin  Email

We welcome your comments, questions, corrections and additional information relating to this article. Please be aware that off-topic comments will be deleted.
If you need specific help with your account, feel free to contact us anytime
Thank you

Inspired by the ingenuity of our master copywriters

RSH Web Services hosting plans are carefully crafted to meet the needs and demands of all types of websites, from personal to business websites. we are committed to providing you with the best hosting services available in the industry