Manage API Tokens in cPanel

Valid for versions 82 through the latest version



Last modified: November 30, 2022


  • This functionality is experimental. It may change in future versions.
  • The Unrestricted application programming interface (API) tokens can access API functions that do not have an associated feature.

This feature lets you create, list, update, and revoke API tokens. The server recognizes API tokens and allows you to run API functions. API functions allow you to view and change account data without the need to log in to the cPanel interface. You can issue API tokens to allow others to run API functions with your account’s data. For example, you could issue an API token to a reseller. The reseller could use that token to check disk usage.


Create an API token

To create an API token, perform the following steps:

  1. Click Create. The Create API Token interface will appear.
  2. Enter a unique name in the API Token Name text box.
    • An API token name can only contain up to 50 characters.
    • You can only enter letters (a - z and A - Z), numbers (0 - 9), dashes ( - ), and underscores ( _ ).
  3. Select one of the following options from the Should the API Token Expire? section:
    • The API Token will not expire. — This will create a token that does not have an expiration date.
    • Specify an expiration date. — This allows you to create a token that expires on a specific date. By default, tokens expire one year from the current date. When you select this option, the interface displays the API Token Expiration Date section. Use the the calendar icon (Calendar) to open a calendar to select a desired expiration date. You can also enter a custom date in the calendar text box, in YYYY-MM-DD format. The token will expire on the date you select at 23:59:59, server time.
      • You cannot edit an API token expiration date after creation.
      • When an API token expires, the system will not remove it. You must manually delete an API token.
  4. Click Create. A new interface will appear.
    • To copy the API token, click Copy. Think of this token like a password. You must enter this token each time that you use it.

      You cannot access the token after you navigate away from the interface. If you forget or misplace this token, you must revoke the token and then create a new one.

  5. Click Yes, I Saved My Token.
    • To create a new token, select the Create another token after I click Yes, I saved my token checkbox.
    • To return to the List API Tokens interface, deselect the Create another token after I click Yes, I saved my token checkbox.

The API tokens table

This table displays all of your API tokens. You can perform the following functions:

  • To display more API tokens per page, click the gear icon (Gear) and then select a number.
  • To revoke multiple tokens:
    1. Select the checkboxes for each token to revoke. Select the checkbox at the top of the table to select every token.
    2. Click Revoke. A confirmation message will appear.
    3. Click Revoke Selected API Tokens.

The API tokens table contains the following information:

  • Token Name — The API token’s name.
  • Created — The date and time that you created the API token.
  • Expires — If an API token expires, the date and time on which the token will expire:
    • When an API token will soon expire, the interface displays its entry row in yellow. It also displays a notice icon (Notice).
    • The interface displays expired API token entry rows in red. It also displays a notice icon (Notice).

      When API tokens expire, the system does not remove them. You must manually delete expired API tokens.

  • Manage — Click Manage to open a new interface where you can perform the following actions:
    • Rename Token — Assign a new name for the token.
    • Revoke the Token — Delete the token, and prevent it from accessing the server or any API functions.

Manage an API token

To manage an API token, locate the token in the API Tokens table and then click Manage. The Manage API Token interface will appear.

Rename Token

To assign a new name for the token, enter a new name in the New API Token Name text box. Then click Update.

Revoke the Token


If you revoke an API token, users will not be able to run any scripts or API functions using that token.

To revoke an API token:

  1. Click Revoke. A confirmation message will appear.
  2. Click Yes, Revoke the Token to revoke the token.

To remove an API token on the command line, use the UAPI Tokens::revoke function.

Additional Documentation