{"id":50957,"date":"2018-12-27T13:00:00","date_gmt":"2018-12-27T19:00:00","guid":{"rendered":"https:\/\/blog.cpanel.com\/?p=50957"},"modified":"2018-12-27T13:00:00","modified_gmt":"2018-12-27T19:00:00","slug":"resellers-guide-to-acls-and-api-tokens","status":"publish","type":"post","link":"https:\/\/devel.www.cpanel.net\/blog\/products\/resellers-guide-to-acls-and-api-tokens\/","title":{"rendered":"Reseller&#8217;s Guide to ACLs and API Tokens"},"content":{"rendered":"<p>Several&nbsp;<a class=\"external-link\" href=\"https:\/\/documentation.cpanel.net\/display\/68Docs\/68+Release+Notes#id-68ReleaseNotes-NewACLsNewaccessprivileges\" rel=\"nofollow\">versions<\/a>&nbsp;ago, we made some monumental changes to the way that the ACLs (access control lists) and APIs behave and the level of access they grant. These improvements allow webhosts to provide more access to resellers while maintaining security for root users and server owners. We want to take this opportunity to highlight the numerous changes that these updates bring.<\/p>\n<h1 id=\"Reseller'sGuidetoACLsandAPITokens-NewResellerPrivilegesGranted\"><strong>New Reseller Privileges Granted<\/strong><\/h1>\n<p>If you are a webhosting provider, you likely sell hosting packages to resellers with the intention of the customer being able to section off chunks of their account to &#8220;resell&#8221; to clients of their own.&nbsp;A reseller account is a special type of cPanel account that is also able to access WHM. Typically, resellers can make certain modifications to a server&#8217;s configuration and can create more cPanel accounts.<\/p>\n<p>The&nbsp;<em><a class=\"external-link\" href=\"https:\/\/documentation.cpanel.net\/display\/68Docs\/Edit+Reseller+Nameservers+and+Privileges\" rel=\"nofollow\">Edit Reseller Nameservers and Privileges<\/a><\/em>&nbsp;interface in WHM&nbsp;enables the server owner to limit a reseller&#8217;s access to various server management features. This interfaces also allows the server owner to grant root-level privileges to a reseller, assign nameserver IP addresses for accounts that the reseller creates, as well as add DNS entries for those addresses. Until recently, there was very little granularity to the privileges, leaving server owners to choose between increased workload or compromised security. To rectify that,&nbsp;a large number of access privileges were added to the list.<\/p>\n<p><strong>Added access privileges for Resellers<\/strong><\/p>\n<ul>\n<li><em>Account Summary&nbsp;<\/em><\/li>\n<li><em>Allow CORS Proxy Requests<\/em><em><br \/>\n<\/em><\/li>\n<li><em>Basic WHM Functions<\/em><\/li>\n<li><em>Create User Session<\/em><\/li>\n<li><em>Digest Authentication<\/em><\/li>\n<li><em>Generate Email Configuration<\/em><\/li>\n<li><em>Manage cPanel Integration Links.<\/em><\/li>\n<li><em>Manage OpenID Connect<\/em><\/li>\n<li><em>Manage Styles<\/em><\/li>\n<li><em>MySQL\u00ae Information<\/em><\/li>\n<li><em>SSL Information<\/em><\/li>\n<li><em>Manage API Tokens<\/em><\/li>\n<li><em>Manage DNS Records<\/em><\/li>\n<li><em>Nameserver Configuration<\/em><\/li>\n<li><em>List Packages<\/em><\/li>\n<li><em>Track Email<\/em><\/li>\n<li><em>Basic System Information<\/em><\/li>\n<\/ul>\n<p>Being able to give a reseller autonomy to manage the above functions removes the need for a server owner to perform those actions for the reseller. For example, a reseller may want to manage the available cPanel styles or track email delivery on the server. With the new permissions, hosting providers can now allow the reseller to do this for themselves without granting full root access to the server.<\/p>\n<p>One of the great benefits of having the various DNS related functions available&nbsp;<span class=\"inline-comment-marker\">to a reseller allows&nbsp;<\/span><span class=\"inline-comment-marker\"><a class=\"external-link\" href=\"https:\/\/documentation.cpanel.net\/display\/CKB\/Guide+to+DNS+Cluster+Configurations\" rel=\"nofollow\">DNS clustering<\/a>&nbsp;without sharing root-level access across servers<\/span>.&nbsp;<span class=\"inline-comment-marker\">How is DNS Clustering beneficial? If your nameservers are located in different parts of the world, and one of those nameservers fails, DNS clustering allows you to maintain DNS functionality.<\/span><\/p>\n<p><strong><br \/>\nMore Power for Integrators<\/strong><\/p>\n<p><img decoding=\"async\" class=\"alignnone\" src=\"https:\/\/blog.cpanel.com\/wp-content\/uploads\/2018\/12\/acl.png\"><\/p>\n<p>To top things off, as of version 68 plugin developers can use the new ACLs to add granularity to their integrations as well, using&nbsp;<a class=\"external-link\" href=\"https:\/\/documentation.cpanel.net\/display\/DD\/Guide+to+API+Authentication+-+API+Tokens\" rel=\"nofollow\">API Tokens<\/a>. The updated&nbsp;<a class=\"external-link\" href=\"https:\/\/documentation.cpanel.net\/display\/DD\/Guide+to+WHM+Plugins+-+ACL+Reference+Chart\" rel=\"nofollow\">Guide to WHM Plugins &#8211; ACL Reference Chart<\/a>&nbsp;is provided in our documentation site. The WHMAPI 1 accesses the WHM interface&#8217;s features, this API can be used to perform server administration tasks, administer cPanel &amp; WHM reseller accounts, and manage cPanel &amp; WHM services.<\/p>\n<p>Another thing to keep in mind for integrators: when we recently&nbsp;<a class=\"external-link\" href=\"https:\/\/documentation.cpanel.net\/display\/76Docs\/76+Release+Notes#id-76ReleaseNotes-ServerProfilesNewWHMfeature:ServerProfiles\" rel=\"nofollow\">introduced server profiles<\/a>, we also started disabling API calls that aren&#8217;t associated with the current server profile. When&nbsp;a non-<em>Standard Node<\/em>&nbsp;server profile is enabled, the system disables API calls associated with that profile&#8217;s disabled service roles.&nbsp;For more information about server profiles and roles, read our&nbsp;<a class=\"external-link\" href=\"https:\/\/documentation.cpanel.net\/display\/CKB\/How+to+Use+Server+Profiles\" rel=\"nofollow\">How to Use Server Profiles<\/a>&nbsp;documentation.<\/p>\n<p>If you are interested in seeing changes made to our API, they are recorded and published with each new version as part of our&nbsp;<a class=\"external-link\" href=\"https:\/\/documentation.cpanel.net\/display\/76Docs\/76+Release+Notes\" rel=\"nofollow\">Release Notes<\/a>.<\/p>\n<h1 id=\"Reseller'sGuidetoACLsandAPITokens-That'saWrap!\"><strong>That&#8217;s a Wrap!<\/strong><\/h1>\n<p>As you can see these improvements give resellers more autonomy in their day to day as well as taking the support burden off of root users while maintaining security.<\/p>\n<p>How are you using ACLs and API&#8217;s in your day to day routine? To discuss more in-depth, or to weigh in with your own opinion, join the conversation on&nbsp;<a class=\"external-link\" href=\"https:\/\/go.cpanel.net\/slack\" rel=\"nofollow\">Slack<\/a>,&nbsp;<a class=\"external-link\" href=\"https:\/\/go.cpanel.net\/discord\" rel=\"nofollow\">Discord<\/a>, or the Official cPanel&nbsp;<a class=\"external-link\" href=\"https:\/\/reddit.com\/r\/\" rel=\"nofollow\">subreddit<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Several&nbsp;versions&nbsp;ago, we made some monumental changes to the way that the ACLs (access control lists) and APIs behave and the level of access they grant. These improvements allow webhosts to provide more access to resellers while maintaining security for root users and server owners. We want to take this opportunity to highlight the numerous changes [&hellip;]<\/p>\n","protected":false},"author":77,"featured_media":65081,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[49],"tags":[317,45,325,725],"class_list":["post-50957","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-products","tag-inside-cpanel","tag-proddevsec","tag-product-development","tag-user-experience"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.6 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Reseller&#039;s Guide to ACLs and API Tokens | cPanel<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/devel.www.cpanel.net\/blog\/products\/resellers-guide-to-acls-and-api-tokens\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Reseller&#039;s Guide to ACLs and API Tokens | cPanel\" \/>\n<meta property=\"og:description\" content=\"Several&nbsp;versions&nbsp;ago, we made some monumental changes to the way that the ACLs (access control lists) and APIs behave and the level of access they grant. These improvements allow webhosts to provide more access to resellers while maintaining security for root users and server owners. We want to take this opportunity to highlight the numerous changes [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/devel.www.cpanel.net\/blog\/products\/resellers-guide-to-acls-and-api-tokens\/\" \/>\n<meta property=\"og:site_name\" content=\"cPanel\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cpanel\/\" \/>\n<meta property=\"article:published_time\" content=\"2018-12-27T19:00:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/devel.www.cpanel.net\/wp-content\/uploads\/2018\/12\/2018.12.26.acls-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"3858\" \/>\n\t<meta property=\"og:image:height\" content=\"1527\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"cPanel Community\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@cPanel\" \/>\n<meta name=\"twitter:site\" content=\"@cPanel\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"cPanel Community\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/devel.www.cpanel.net\/blog\/products\/resellers-guide-to-acls-and-api-tokens\/\",\"url\":\"https:\/\/devel.www.cpanel.net\/blog\/products\/resellers-guide-to-acls-and-api-tokens\/\",\"name\":\"Reseller's Guide to ACLs and API Tokens | cPanel\",\"isPartOf\":{\"@id\":\"https:\/\/devel.www.cpanel.net\/#website\"},\"datePublished\":\"2018-12-27T19:00:00+00:00\",\"dateModified\":\"2018-12-27T19:00:00+00:00\",\"author\":{\"@id\":\"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/8cf97408aad4fb70cf55d11a1d4f57f8\"},\"breadcrumb\":{\"@id\":\"https:\/\/devel.www.cpanel.net\/blog\/products\/resellers-guide-to-acls-and-api-tokens\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/devel.www.cpanel.net\/blog\/products\/resellers-guide-to-acls-and-api-tokens\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/devel.www.cpanel.net\/blog\/products\/resellers-guide-to-acls-and-api-tokens\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/devel.www.cpanel.net\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Reseller&#8217;s Guide to ACLs and API Tokens\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/devel.www.cpanel.net\/#website\",\"url\":\"https:\/\/devel.www.cpanel.net\/\",\"name\":\"cPanel\",\"description\":\"Hosting Platform of Choices\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/devel.www.cpanel.net\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/8cf97408aad4fb70cf55d11a1d4f57f8\",\"name\":\"cPanel Community\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e1949945083b5526bb95711bd3d616b3?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e1949945083b5526bb95711bd3d616b3?s=96&d=mm&r=g\",\"caption\":\"cPanel Community\"},\"description\":\"The web hosting industry's most reliable management solution since 1997. With our first-class support and rich feature set, it's easy to see why our customers and partners make cPanel &amp; WHM their hosting platform of choice. For more information, visit cPanel.net.\",\"sameAs\":[\"https:\/\/cpanel.net\"],\"url\":\"https:\/\/devel.www.cpanel.net\/blog\/author\/cpadmin\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Reseller's Guide to ACLs and API Tokens | cPanel","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/devel.www.cpanel.net\/blog\/products\/resellers-guide-to-acls-and-api-tokens\/","og_locale":"en_US","og_type":"article","og_title":"Reseller's Guide to ACLs and API Tokens | cPanel","og_description":"Several&nbsp;versions&nbsp;ago, we made some monumental changes to the way that the ACLs (access control lists) and APIs behave and the level of access they grant. These improvements allow webhosts to provide more access to resellers while maintaining security for root users and server owners. We want to take this opportunity to highlight the numerous changes [&hellip;]","og_url":"https:\/\/devel.www.cpanel.net\/blog\/products\/resellers-guide-to-acls-and-api-tokens\/","og_site_name":"cPanel","article_publisher":"https:\/\/www.facebook.com\/cpanel\/","article_published_time":"2018-12-27T19:00:00+00:00","og_image":[{"width":3858,"height":1527,"url":"https:\/\/devel.www.cpanel.net\/wp-content\/uploads\/2018\/12\/2018.12.26.acls-1.png","type":"image\/png"}],"author":"cPanel Community","twitter_card":"summary_large_image","twitter_creator":"@cPanel","twitter_site":"@cPanel","twitter_misc":{"Written by":"cPanel Community","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/devel.www.cpanel.net\/blog\/products\/resellers-guide-to-acls-and-api-tokens\/","url":"https:\/\/devel.www.cpanel.net\/blog\/products\/resellers-guide-to-acls-and-api-tokens\/","name":"Reseller's Guide to ACLs and API Tokens | cPanel","isPartOf":{"@id":"https:\/\/devel.www.cpanel.net\/#website"},"datePublished":"2018-12-27T19:00:00+00:00","dateModified":"2018-12-27T19:00:00+00:00","author":{"@id":"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/8cf97408aad4fb70cf55d11a1d4f57f8"},"breadcrumb":{"@id":"https:\/\/devel.www.cpanel.net\/blog\/products\/resellers-guide-to-acls-and-api-tokens\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/devel.www.cpanel.net\/blog\/products\/resellers-guide-to-acls-and-api-tokens\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/devel.www.cpanel.net\/blog\/products\/resellers-guide-to-acls-and-api-tokens\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/devel.www.cpanel.net\/"},{"@type":"ListItem","position":2,"name":"Reseller&#8217;s Guide to ACLs and API Tokens"}]},{"@type":"WebSite","@id":"https:\/\/devel.www.cpanel.net\/#website","url":"https:\/\/devel.www.cpanel.net\/","name":"cPanel","description":"Hosting Platform of Choices","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/devel.www.cpanel.net\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/8cf97408aad4fb70cf55d11a1d4f57f8","name":"cPanel Community","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/devel.www.cpanel.net\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e1949945083b5526bb95711bd3d616b3?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e1949945083b5526bb95711bd3d616b3?s=96&d=mm&r=g","caption":"cPanel Community"},"description":"The web hosting industry's most reliable management solution since 1997. With our first-class support and rich feature set, it's easy to see why our customers and partners make cPanel &amp; WHM their hosting platform of choice. For more information, visit cPanel.net.","sameAs":["https:\/\/cpanel.net"],"url":"https:\/\/devel.www.cpanel.net\/blog\/author\/cpadmin\/"}]}},"_links":{"self":[{"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/posts\/50957"}],"collection":[{"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/users\/77"}],"replies":[{"embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/comments?post=50957"}],"version-history":[{"count":0,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/posts\/50957\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/media\/65081"}],"wp:attachment":[{"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/media?parent=50957"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/categories?post=50957"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devel.www.cpanel.net\/wp-json\/wp\/v2\/tags?post=50957"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}