0

I have used API data from websites like Microsoft, Knowbe4, ninja, ITglue, twitch, etc. However I am having trouble understanding the authentication for Cpanel.

I have an API key that I obtained from the cpanel website.

Cpanel authorization: https://api.docs.cpanel.net/cpanel/tokens/

It says:

Using an API token To call a UAPI function with an API token, run the following command from the command line:

curl -H'Authorization: cpanel username:APITOKEN' 'https://example.com:2083/execute/Module/function?parameter=value'

So I tried using python but I am getting a 401 error which relates to the password or api key.

Here is my code:

import requests

bluehostapi = "ANAPIKEY"
bluehosturl = "https://cpanel-box5504.bluehost.com:2083/cpsess4830273370/"
header = {"Authorization": "cpanel", "username":bluehostapi}
buuserrequest = requests.get(bluehosturl+"execute/email",headers=header)
print(buuserrequest)

But I always get back:

<Response [401]>

I also tried putting https://cpanel-box5504.bluehost.com:2083/cpsess4830273370/execute/mail into google chrome's address bar directly as the docs said that you can go to the api url directly. However when I did I received an error saying:

{"warnings":null,"status":0,"data":null,"messages":null,"errors":["Failed to load module “”: “Cpanel::API::” is not a valid name for a Perl module."],"metadata":{}}

My main goal is to test connecting to cpanel's api so I can retrieve all the usernames and emails of my clients programmably.

  • Check the output of the `curl` command. Is it the same? You can get some additional info by increasing verbosity: `curl -vvv ...`. – Michael Ruth Sep 30 '21 at 15:03
  • @MichaelRuth Good idea. I just tried with the verbose flag in curl and it gave me the same error `< HTTP/1.1 403 Forbidden Access denied`. I am going to double check the authenication and see if I am doing it right. –  Sep 30 '21 at 15:37
  • 401 and 403 are different errors. Here's an [answer](https://stackoverflow.com/a/6937030/4583620) which explains the difference. – Michael Ruth Sep 30 '21 at 15:46
  • Thanks for that information. I actually found the answer. It was a combination of the fact that I had the wrong username in the authorization header (I am using CPanel through another company and it was hard to find the username) and the way I wrote the header was wrong for this scenario. It suppose to be like this: `header = {"Authorization": "cpanel sfurolog:ALONGAPIKEY"}`. However you helped me research in the right direction. I used the difference between 401 and 403 to troubleshoot better. Thank you. –  Sep 30 '21 at 17:25

0 Answers0