How to Create API Tokens in WHM/cPanel
API Tokens in WHM and cPanel allow you to authenticate API calls without using your password directly. This is a more secure method for automating tasks on your server. In this guide, we will walk you through creating API tokens step by step.
What Are API Tokens?
API tokens are unique authentication credentials that grant access to WHM and cPanel API functions. They are ideal for:
- Automated scripts that interact with your hosting server
- Third-party integrations that need secure access
- Replacing password-based authentication for better security
Creating an API Token in WHM
- Log in to your WHM panel as root.
- In the search bar, type "API Tokens" or navigate to Development > Manage API Tokens.
- Click "Generate Token".
- Enter a descriptive Token Name (e.g., "backup-script" or "monitoring-tool").
- Click "Save".
- Copy the generated token immediately — you will not be able to view it again.
Creating an API Token in cPanel
- Log in to your cPanel account.
- Scroll down to the Security section.
- Click "Manage API Tokens".
- Click "Create".
- Enter a name for the token and click "Create".
- Copy and securely store your new API token.
Using Your API Token
To use the token in API calls, include it in the Authorization header:
curl -H "Authorization: whm root:YOUR_TOKEN_HERE" "https://your-server:2087/json-api/listaccts"
Security Best Practices
- Never share your API tokens publicly or in code repositories.
- Rotate tokens regularly and revoke unused ones.
- Use tokens with the minimum required permissions.
- Store tokens in environment variables rather than hardcoding them.
