API tokens in cPanel provide password-free authentication for applications to access your server. Since cPanel version 80, you can create and manage API tokens to grant third-party developers or vendors access to API2 and UAPI functionality without sharing your password.

How to do it

  1. Step 1: Access the API Token Manager

    Log in to your cPanel account.

    Scroll to the SECURITY section and click Manage API Tokens.

    Manage API Tokens in cPanel

  2. Step 2: Create a new API token

    Enter the name of the API token in the API Token Name field.

    Select the Specify an expiration date option.

    In API Token Expiration Date, select the date from the calendar. The token will be valid until this date.

    Click Create.

    Create API Token

    Note: While you can select The API Token will not expire option, we strongly recommend setting an expiration date for security reasons.

  3. Step 3: Save the API token

    A success message will be displayed when cPanel creates the new token.

    Copy the API token to a secure location. You will need to share it with your user later.

    Click Yes, I Saved My Token.

    Save API Token

    The API token you created now appears in the list of active API tokens.

  4. Step 4: Manage an existing API token

    Click the Manage button for the API token you want to manage.

    Manage API Token

    You will see two sections:

    • MANAGE API TOKEN: Here you can change the name of the API token.
    • REVOKE API TOKEN: Allows you to discard an API token.
  5. Step 5: Update the API token name (optional)

    In the MANAGE API TOKEN section, enter the new name for the API token in the New API Token Name field.

    Click the Update button.

    Update API Token

    The name of the API token will be modified to the new one you just updated.

  6. Step 6: Revoke an API token (optional)

    In the REVOKE API TOKEN section, click Revoke The Token.

    Revoke API Token

    A confirmation message will appear.

    Click Yes, Revoke The Token.

    Confirm Revoke API Token

    The system will invalidate the API token and remove it from the list of active tokens.