How to regenerate and use your Remote Access Key in WHM
Table of Contents
Remote Access Keys are used by external servers and software to communicate with your cPanel & WHM server. In particular, the access keys are used by the servers in a DNS Cluster to communicate without needing each of the others’ root passwords.
1) To find and regenerate your server’s Remote Access Key, scroll down in the menu to Cluster/Remote Access.
2) Click Setup Remote Access Key.
Here is your current access key, in the greyed-out textarea at right.
3) Press this button to Generate a New Key.
You should have noticed that the contents of the box changed as soon as we hit the button. The remote access key has now been changed.
The Remote Access Key in WHM (WebHost Manager) has been replaced by API tokens, which offer a more secure and flexible way to authenticate third-party applications and services that need to interface with your WHM/CPanel server. API tokens allow for better control and management of access permissions compared to the older Remote Access Key system.
If you’re working with a script or application that still references a Remote Access Key, it’s advisable to update it to use API tokens. Here’s how to regenerate and use API tokens in WHM:
Step 1: Log into WHM
First, you need to access your WHM account. Enter your credentials (username and password) on the login page to proceed.
- In the WHM dashboard, use the search bar on the top left corner to search for “API Tokens”.
- Click on “Manage API Tokens” from the search results. This will take you to the API Tokens management page.
Step 3: Create a New API Token
- Click on the “Generate Token” button to start the process of creating a new API token.
- You’ll be prompted to provide a name for your API token. Choose a name that helps you remember the purpose or the service that will use this token.
- Optionally, you can select the specific permissions you want to grant this API token. If unsure, leave the default settings, but be aware that this will grant full access, similar to what the Remote Access Key provided.
- Click “Save” to generate the new API token.
Step 4: Store the API Token
After creating the API token, WHM will display it on the screen. Important: This is the only time WHM will display the full token, so you must copy and securely store it now. You won’t be able to retrieve it again later. If you lose it, you’ll need to generate a new one.
Step 5: Use the API Token
To use the API token with your scripts or third-party applications, you’ll typically replace where you previously used the Remote Access Key with the new API token. The method of specifying the API token varies depending on the application or script but often involves adding it to a configuration file or supplying it as a header in API requests.
For example, when using the WHM API, you would include the API token in the HTTP header like so:
Authorization: whm username:APITOKEN
Replace username with your WHM username and APITOKEN with the actual API token you generated.
Additional Tips
- Security: Treat API tokens like passwords. Only generate them for applications or services that you trust and only grant the necessary permissions needed for the tasks.
- Monitoring and Rotation: Regularly review and revoke API tokens that are no longer needed. Consider rotating tokens periodically to improve security.
- Documentation: Maintain documentation of where each API token is used. This practice makes it easier to manage and troubleshoot access issues.
Transitioning to API tokens from the Remote Access Key system enhances the security and manageability of your WHM/CPanel server’s external access. Ensure any external services or scripts interfacing with your server are updated to utilize API tokens.
