Manage API Tokens in cPanel

title: Manage API Tokens in cPanel created at: Tue Oct 22 2024 09:33:45 GMT+0000 (Coordinated Universal Time) updated at: Sat Feb 08 2025 14:21:23 GMT+0000 (Coordinated Universal Time) --- # Manage API Tokens in cPanel # Overview !! Important !! This functionality is **experimental**. It may change in future versions. !! The *Unrestricted* application programming interface (API) tokens can access API functions that do **not** have an associated feature. This feature lets you create, list, update, and revoke API tokens. The server recognizes API tokens and allows you to run API functions. API functions allow you to view and change account data without the need to log in to the cPanel interface. You can issue API tokens to allow others to run API functions with your account’s data. For example, you could issue an API token to a reseller. The reseller could use that token to check disk usage. !! Note !! API tokens run [UAPI](https://api.docs.cpanel.net/cpanel/introduction/) functions and [cPanel API 2](https://documentation.cpanel.net/display/DD/Guide+to+cPanel+API+2) functions, not [cPanel API 1](https://documentation.cpanel.net/display/DD/Guide+to+cPanel+API+1) functions. !! Use API tokens to run API functions from the command line. For more information, read our [How to Use cPanel API Tokens](https://docs.cpanel.net/knowledge-base/security/how-to-use-cpanel-api-tokens) documentation. !! For more information about using API functions, read our [Quickstart Development Guide](https://api.docs.cpanel.net/guides/quickstart-development-guide/) documentation. # Create an API token To create an API token, perform the following steps: 1. Click *Create*. The *Create API Token* interface will appear. 2. Enter a unique name in the *API Token Name* text box. !! Note !! An API token name can **only** contain up to 50 characters. !! You can **only** enter letters (`a` - `z` and `A` - `Z`), numbers (`0` - `9`), dashes ( `-` ), and underscores ( `_` ). 1. Select one of the following options from the *Should the API Token Expire?* section: * *The API Token will not expire.* — This will create a token that does **not** have an expiration date. * *Specify an expiration date.* — This allows you to create a token that expires on a specific date. By default, tokens expire one year from the current date. When you select this option, the interface displays the *API Token Expiration Date* section. Use the the calendar icon () to open a calendar to select a desired expiration date. You can also enter a custom date in the calendar text box, in `YYYY-MM-DD` format. The token will expire on the date you select at `23:59:59`, server time. !! Important !! You **cannot** edit an API token expiration date after creation. !! When an API token expires, the system will **not** remove it. You **must** [manually delete](https://docs.cpanel.net/cpanel/security/manage-api-tokens-in-cpanel/#revoke-the-token) an API token. 2. Click *Create*. A new interface will appear. ``` - To copy the API token, click _Copy_. Think of this token like a password. You must enter this token each time that you use it. !! Warning ``` You **cannot** access the token after you navigate away from the interface. If you forget or misplace this token, you **must** revoke the token and then create a new one. 3. Click *Yes, I Saved My Token*. * To create a new token, select *Create another token after I click Yes, I saved my token* checkbox. * To return to the *List API Tokens* interface, deselect the *Create another token after I click Yes, I saved my token* checkbox. # The API tokens table This table displays all of your API tokens. You can perform the following functions: * To display more API tokens per page, click the gear icon ( ![media\_Manage%20API%20Tokens%20in%20cPanel/BuYRSlcYlZQjd\_-gear.png](media_Manage%20API%20Tokens%20in%20cPanel/BuYRSlcYlZQjd_-gear.png) ) and then select a number. To revoke multiple tokens: ``` 1. Select the checkboxes for each token to revoke. Select the checkbox at the top of the table to select **every** token. 1. Click _Revoke_. A confirmation message will appear. 1. Click _Revoke Selected API Tokens_. ``` The API tokens table contains the following information: * *Token Name* — The API token’s name. * *Created* — The date and time that you created the API token. * *Expires* — If an API token expires, the date and time on which the token will expire: * When an API token will soon expire, the interface displays its entry row in yellow. It also displays a notice icon ( ![media\_Manage%20API%20Tokens%20in%20cPanel/Y0MHRBKB-GOYY2-warn.png](media_Manage%20API%20Tokens%20in%20cPanel/Y0MHRBKB-GOYY2-warn.png) ``` ). - The interface displays expired API token entry rows in red. It also displays a notice icon ( ``` ![media\_Manage%20API%20Tokens%20in%20cPanel/jtgSUsmsv4Cdms-warn.png](media_Manage%20API%20Tokens%20in%20cPanel/jtgSUsmsv4Cdms-warn.png) ``` ). !! Remember ``` When API tokens expire, the system does **not** remove them. You **must** manually delete expired API tokens. * *Manage* — Click *Manage* to open a new interface where you can perform the following actions: * *Rename Token* — Assign a new name for the token. * *Revoke the Token* — Delete the token, and prevent it from accessing the server or any API functions. # Manage an API token To manage an API token, locate the token in the API Tokens table and then click *Manage*. The *Manage API Token* interface will appear. ## Rename Token To assign a new name for the token, enter a new name in the *New API Token Name* text box. Then click *Update*. ## Revoke the Token !! Warning !! If you revoke an API token, users will **not** be able to run any scripts or API functions using that token. To revoke an API token: 1. Click *Revoke*. A confirmation message will appear. 2. Click *Yes, Revoke the Token* to revoke the token. !! Note !! To remove an API token on the command line, use the UAPI [`Tokens::revoke`](https://api.docs.cpanel.net/openapi/cpanel/operation/revoke/) function.