{"id":419,"date":"2012-01-12T07:51:06","date_gmt":"2012-01-12T12:51:06","guid":{"rendered":"http:\/\/blogs.wp.stage.cpanel.net\/?p=419"},"modified":"2012-01-12T07:51:06","modified_gmt":"2012-01-12T12:51:06","slug":"making-your-script-work-with-security-tokens-in-cpanel-whm","status":"publish","type":"post","link":"https:\/\/devel.www.cpanel.net\/blog\/products\/making-your-script-work-with-security-tokens-in-cpanel-whm\/","title":{"rendered":"Making your script work with security tokens in cPanel &#038; WHM"},"content":{"rendered":"<p><strong>What is a security token?<\/strong><br \/>\n\u201cSecurity token\u201d URLs were added in cPanel &amp; WHM 11.25 as a security measure, and they were enabled by default in version 11.28. They help combat a common type of attack called a Cross-Site Request Forgery (XSRF).<\/p>\n<p>So, what does a \u201csecurity token\u201d look like? Take, for example, this URL:<br \/>\n<code>https:\/\/example.com:2087\/i\/love\/cpanel<\/code><\/p>\n<p>With security tokens enabled, this would become:<br \/>\n<code>https:\/\/example.com:2087\/cpsessYYYYYYY\/i\/love\/cpanel<\/code><\/p>\n<p>In that example, cpsessYYYYYYY is the token unique to that logged-in user on that browser. (You can learn more about security tokens in cPanel &amp; WHM by reading our Security Tokens white paper.) In order for your custom script to work with cPanel &amp; WHM, every URL involved needs to be compatible with the security token. <\/p>\n<p><strong>Creating security token-compatible URLs<\/strong><\/p>\n<p>Fortunately, it is very easy to do!  <\/p>\n<p>The token is available in the environment variable &#8216;cp_security_token&#8217;.<\/p>\n<p>If security tokens are not in use, &#8216;cp_security_token&#8217; will be an empty string.<\/p>\n<p>If security tokens are in use, &#8216;cp_security_token&#8217; will be, in terms of the above example: \/cpsessYYYYYYY<\/p>\n<p>Note the preceding slash!  Since the variable has that slash, the examples will work whether cPanel &amp; WHM has security tokens enabled or disabled.<\/p>\n<ul>\n<li>Here&#8217;s how you&#8217;d use it in Perl code that calls one of our API URLS.<br \/>\nSimply change this:<\/p>\n<p><code>my $APIurl = \"http:\/\/127.0.0.1:2087\/xml-api\/$url\";<\/code><\/p>\n<p>to this:<\/p>\n<p><code>my $APIurl = \"http:\/\/127.0.0.1:2087$ENV{'cp_security_token'}\/xml-api\/$url\";<\/code><\/li>\n<li>Here&#8217;s how you might use it in JavaScript for, say, an AJAX call.<br \/>\nFirst, make it available to your JavaScript. For example:<\/p>\n<p>    <code>print &lt;&lt;&quot;END_SECURITY_TOKEN_JAVASCRIPT&quot;; <\/p>\n<p>    if ( !(\"CPANEL\" in window) ) CPANEL = {};<br \/>\n    CPANEL.security_token = \"$ENV{'cp_security_token'}\";<\/p>\n<p>END_SECURITY_TOKEN_JAVASCRIPT<\/code><\/p>\n<p>Next, make your URLs compatible by changing this:<\/p>\n<p><code>var ajaxURL = '\/3rdparty\/ZZZ\/zzz.cgi';<\/code><\/p>\n<p>to this:<\/p>\n<p><code>var ajaxURL = CPANEL.security_token + '\/3rdparty\/ZZZ\/zzz.cgi';<\/code><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>What is a security token? \u201cSecurity token\u201d URLs were added in cPanel &amp; WHM 11.25 as a security measure, and they were enabled by default in version 11.28. They help combat a common type of attack called a Cross-Site Request Forgery (XSRF). So, what does a \u201csecurity token\u201d look like? Take, for example, this URL: [&hellip;]<\/p>\n","protected":false},"author":77,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[49],"tags":[],"class_list":["post-419","post","type-post","status-publish","format-standard","hentry","category-products"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Making your script work with security tokens in cPanel &amp; WHM | cPanel<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/devel.www.cpanel.net\/blog\/products\/making-your-script-work-with-security-tokens-in-cpanel-whm\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Making your script work with security tokens in cPanel &amp; WHM | cPanel\" \/>\n<meta property=\"og:description\" content=\"What is a security token? \u201cSecurity token\u201d URLs were added in cPanel &amp; WHM 11.25 as a security measure, and they were enabled by default in version 11.28. They help combat a common type of attack called a Cross-Site Request Forgery (XSRF). So, what does a \u201csecurity token\u201d look like? Take, for example, this URL: [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/devel.www.cpanel.net\/blog\/products\/making-your-script-work-with-security-tokens-in-cpanel-whm\/\" \/>\n<meta property=\"og:site_name\" content=\"cPanel\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cpanel\/\" \/>\n<meta property=\"article:published_time\" content=\"2012-01-12T12:51:06+00:00\" \/>\n<meta name=\"author\" content=\"cPanel Community\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@cPanel\" \/>\n<meta name=\"twitter:site\" content=\"@cPanel\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"cPanel Community\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/devel.www.cpanel.net\/blog\/products\/making-your-script-work-with-security-tokens-in-cpanel-whm\/\",\"url\":\"https:\/\/devel.www.cpanel.net\/blog\/products\/making-your-script-work-with-security-tokens-in-cpanel-whm\/\",\"name\":\"Making your script work with security tokens in cPanel & WHM | cPanel\",\"isPartOf\":{\"@id\":\"https:\/\/devel.www.cpanel.net\/#website\"},\"datePublished\":\"2012-01-12T12:51:06+00:00\",\"dateModified\":\"2012-01-12T12:51:06+00:00\",\"author\":{\"@id\":\"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/8cf97408aad4fb70cf55d11a1d4f57f8\"},\"breadcrumb\":{\"@id\":\"https:\/\/devel.www.cpanel.net\/blog\/products\/making-your-script-work-with-security-tokens-in-cpanel-whm\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/devel.www.cpanel.net\/blog\/products\/making-your-script-work-with-security-tokens-in-cpanel-whm\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/devel.www.cpanel.net\/blog\/products\/making-your-script-work-with-security-tokens-in-cpanel-whm\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/devel.www.cpanel.net\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Making your script work with security tokens in cPanel &#038; WHM\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/devel.www.cpanel.net\/#website\",\"url\":\"https:\/\/devel.www.cpanel.net\/\",\"name\":\"cPanel\",\"description\":\"Hosting Platform of Choices\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/devel.www.cpanel.net\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/8cf97408aad4fb70cf55d11a1d4f57f8\",\"name\":\"cPanel Community\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e1949945083b5526bb95711bd3d616b3?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e1949945083b5526bb95711bd3d616b3?s=96&d=mm&r=g\",\"caption\":\"cPanel Community\"},\"description\":\"The web hosting industry's most reliable management solution since 1997. With our first-class support and rich feature set, it's easy to see why our customers and partners make cPanel &amp; WHM their hosting platform of choice. For more information, visit cPanel.net.\",\"sameAs\":[\"https:\/\/cpanel.net\"],\"url\":\"https:\/\/devel.www.cpanel.net\/blog\/author\/cpadmin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Making your script work with security tokens in cPanel & WHM | cPanel","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/devel.www.cpanel.net\/blog\/products\/making-your-script-work-with-security-tokens-in-cpanel-whm\/","og_locale":"en_US","og_type":"article","og_title":"Making your script work with security tokens in cPanel & WHM | cPanel","og_description":"What is a security token? \u201cSecurity token\u201d URLs were added in cPanel &amp; WHM 11.25 as a security measure, and they were enabled by default in version 11.28. They help combat a common type of attack called a Cross-Site Request Forgery (XSRF). So, what does a \u201csecurity token\u201d look like? Take, for example, this URL: [&hellip;]","og_url":"https:\/\/devel.www.cpanel.net\/blog\/products\/making-your-script-work-with-security-tokens-in-cpanel-whm\/","og_site_name":"cPanel","article_publisher":"https:\/\/www.facebook.com\/cpanel\/","article_published_time":"2012-01-12T12:51:06+00:00","author":"cPanel Community","twitter_card":"summary_large_image","twitter_creator":"@cPanel","twitter_site":"@cPanel","twitter_misc":{"Written by":"cPanel Community","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/devel.www.cpanel.net\/blog\/products\/making-your-script-work-with-security-tokens-in-cpanel-whm\/","url":"https:\/\/devel.www.cpanel.net\/blog\/products\/making-your-script-work-with-security-tokens-in-cpanel-whm\/","name":"Making your script work with security tokens in cPanel & WHM | cPanel","isPartOf":{"@id":"https:\/\/devel.www.cpanel.net\/#website"},"datePublished":"2012-01-12T12:51:06+00:00","dateModified":"2012-01-12T12:51:06+00:00","author":{"@id":"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/8cf97408aad4fb70cf55d11a1d4f57f8"},"breadcrumb":{"@id":"https:\/\/devel.www.cpanel.net\/blog\/products\/making-your-script-work-with-security-tokens-in-cpanel-whm\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/devel.www.cpanel.net\/blog\/products\/making-your-script-work-with-security-tokens-in-cpanel-whm\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/devel.www.cpanel.net\/blog\/products\/making-your-script-work-with-security-tokens-in-cpanel-whm\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/devel.www.cpanel.net\/"},{"@type":"ListItem","position":2,"name":"Making your script work with security tokens in cPanel &#038; WHM"}]},{"@type":"WebSite","@id":"https:\/\/devel.www.cpanel.net\/#website","url":"https:\/\/devel.www.cpanel.net\/","name":"cPanel","description":"Hosting Platform of Choices","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/devel.www.cpanel.net\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/8cf97408aad4fb70cf55d11a1d4f57f8","name":"cPanel Community","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e1949945083b5526bb95711bd3d616b3?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e1949945083b5526bb95711bd3d616b3?s=96&d=mm&r=g","caption":"cPanel Community"},"description":"The web hosting industry's most reliable management solution since 1997. With our first-class support and rich feature set, it's easy to see why our customers and partners make cPanel &amp; WHM their hosting platform of choice. For more information, visit cPanel.net.","sameAs":["https:\/\/cpanel.net"],"url":"https:\/\/devel.www.cpanel.net\/blog\/author\/cpadmin\/"}]}},"_links":{"self":[{"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/posts\/419"}],"collection":[{"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/users\/77"}],"replies":[{"embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/comments?post=419"}],"version-history":[{"count":0,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/posts\/419\/revisions"}],"wp:attachment":[{"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/media?parent=419"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/categories?post=419"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/tags?post=419"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}