cPanel® Blog

Introduction to using the WHM API

Hey everyone!

This post is meant to be a brief overview for using the WHM API. We’ll explore two methods of using the API – from a browser and from a Perl script on the command line.

Finding out what you can do with the API

You can view a list of all the Available Functions for the API calls at…ions-Functions. We’ll reference this page later when we’re constructing our API commands. You can also get specific details about each function by clicking the item, such as the adddns function at…API+1+-+adddns which we’ll be using throughout this guide as our example.

Using the API in a Browser and Constructing the API URL

The easiest way to get familiar with the cPanel API is to call a function using your browser. Just like visiting a website by entering a URL, you can enter a URL that will perform API calls. During your use of the WHM interface you’ve likely noticed additional data after the typical URL of https://x.x.x.x:2087 and we can manipulate that data to perform administrative functions on the server. Although calling functions using the API may seem redundant since you’re already logged into WHM, and thus have full access to the interface and available GUI tools, it will let you see if your API call works as you expect and gives you some helpful output (in either JSON or XML format, whichever you prefer) if you do run into problems.

Here’s an image that shows the basic formatting of an API call – this looks a lot like the familiar WHM login of https://x.x.x.x:2087 but just includes extra data after the session ID.


The following methods assume you’re already logged in to WHM as root and have a security token. This means that you’ll have a unique, 10-digit session ID in the format of https://x.x.x.x:2087:cpsess##########. In the following examples I’ll just use the localhost IP of and cpsess########## to avoid confusion so be sure to edit these commands with the appropriate details for your own server if you want to try these out for yourself.

Using the URL

Now that we have a basic idea of what the URL should look like, let’s perform a basic task with the API – creating a DNS zone. According to the functions page listed earlier in this guide we’ll want to use the “adddns” function. If we follow the URL formatting guide above and the layout details from the function guide at…API+1+-+adddns we can construct our URL to look like this:

If we analyze this command using the above URL breakout image we have the following areas::

-The “output format” is JSON

-we’re using the “adddns” function

-The API version we’re using is version 1

The rest of the command is the variables that the function requires to operate. I’ve just used “” for the domain to create and I’m setting it up on the IP of

Now, assuming we’re already logged into WHM, we can enter that command in our browser – you should receive JSON output that looks similar to the following, but depending on your browser this could be all displayed on one line.

   metadata: {
      result: 1,
      version: 1,
      reason: 'Added ok belonging to user root',
      command: 'adddns'

In general, when working with JSON, “1” indicastes positive output, meaning the action completed successfully. We can see from this output that the domain was accepted and has been created on the server. If we check out WHM >> Edit a DNS Zone you should see in your list now, and selecting it will show a zone file with all the default cPanel records:


Using Custom Code for API Calls

The second way to interact with the cPanel API is to call the API functions through custom code. When writing your own code there are many options limited only by your creativity. The examples here are just that – examples to show you the basics so you can see how the API code functions within a Perl script. They are by no means exhaustive in any way.


Since this code will be called from a file we need to have a way to interact with WHM so we use an access hash so our commands are authenticated just as if we were clicking items in the WHM interface. An access hash is a way for a program to access a server without having to use the root password. This hash is used for several things in the cPanel system, most notably setting up DNS Clusters. To create this hash you can visit WHM >> Remote Access Key. There is likely a key already in place on your server – if this is the case it’s best to just use what already exists. If there isn’t a key in place you can generate one with the blue “Generate New Key” button on the right.


That long string of text is what we’ll need to use in our file. You can also find that at /root/.accesshash. We’ll need to add that block to line 14 of the code in the example below.

Since we’re working with Perl we’ll also need some of the standard Perl modules installed on the server. You’ll want to run the following two commands to get these modules installed:

yum install perl-XML-Simple
/scripts/perlinstaller LWP::Protocol::https

Building the Code

Now that we have the access hash we can use that in our code to authenticate our script to make an API call. Just like in our first example, here is some code that will create a DNS zone for I’m using since we already created in our previous test. You can copy and paste the following code into a file named using your favorite text editor. The file is named with the “.pl” extension because it is a Perl script. It looks like there is a large amount of code necessary to create a DNS zone, but much of this is just the access hash.

use strict;
use warnings;
use LWP::UserAgent;
use XML::Simple;
use Data::Dumper;
use HTTP::Cookies;
my $hostname = 'localhost';
my $protocol = 'https';
my $accesshash = <<'END';
$accesshash =~ s/n//g;
my $useragent = LWP::UserAgent->new(
cookie_jar => HTTP::Cookies->new,
$useragent->default_header( 'Authorization' => "WHM root:$accesshash" );
 my $url = "$protocol://$hostname:2087/json-api/adddns?api.version=1&";
 my $response = $useragent->get($url);
 my $response_data = $response->decoded_content;
 print $response_data;

When you go to use this code you’ll need to replace lines 14-42 with your own access hash. There are also ways to have the script read the access hash directly from the server but that level of programming is beyond the scope of this guide.

To better understand what is happening in this code, here is a line-by-line description:

Lines 1-48: Creates the user agent and declares variables, including the access hash
Lines 49-51: The actual API code
Line 52: The output from the code

You’ll also need to make sure the script has executable permissions so it can run on the server. After you’ve saved the file with all of your changes you can issue the following command from shell to change the permissions so the script can be executed

chmod 755

If this code were being used in a production environment the “&” and the “&ip=” sections would ideally be variables that get their values from data entered by a user through some type of form. However, since we’re just providing an example of how the code works outside of a working graphical interface they’ll need to be hard-coded.

Executing the Script

Once you have the file saved you can execute it by running the following command:

If everything goes well you should get output that looks similar to the following:


Just as with the previous JSON results, seeing “1” in the output indicates that the action completed successfully. If you check your /var/named/ directory you should see the DNS zone file for which looks like this:


I hope that gives you an idea how the WHM API works and that you found these examples useful!

  • Radu

    Hi Rex,

    Thank you for your wonderful tutorial.

    I am trying to use you’re second example (Using Custom Code for API Calls) but I got a problem with the server authentication. I’ve used the Remote Access Key from my server but I still get this error message:

    {“cpanelresult”:{“apiversion”:”2″,”error”:”Access denied”,”data”:{“reason”:”Access denied”,”result”:”0″},”type”:”text”}}

    My url line look like:

    my $url = “$protocol://$hostname:2087/json-api/toggle_user_backup_state?api.version=1&user=someuser&legacy=1”;

    Any thoughts on that?


    PS: I realize that this is not a support page but I couldn’t find other tutorials / examples on how to authenticate on WHM API 1 using the Remote Access Key.

    • Radu

      Well after some stressful hours I figured it out. The line $accesshash =~ s/n//g;
      should be $accesshash =~ s/n//g;
      I hope someone will use that… 🙂

      Thanks again Rex for your tutorial!


  • sarvin
  • sarvin
  • Saporu Kolawole

    Looking nice, but we also need cpanel to support postfix please….


    • cPRex

      You’re welcome! Glad you enjoyed the post!

  • I was trying to do this the other day – using the API to give a MySQL user permissions for a MySQL database. There were several forum posts with cPanel staff saying that the API is the way to do this, but I couldn’t find the function to call. Sure enough, looking at, I still can’t find it.

    I did, however find But I couldn’t work out how to call that in the way you suggest in this post – at least, not so that it worked!

    Any pointers on how to do this? There must be another category of API call that needs a different approach – some pointers would be helpful.

    • cPRex

      Hey James!

      Thanks for reading the blog post. I’ll do some
      testing (and poke some devs if I have to!!!!) and get you some more
      details within a day or so, but I should have something for sure by Friday afternoon for you 😀

    • cPRex

      Hello again, James,
      The main issue here that you ran into is that this blog tutorial is describing WHM API calls – the Mysql::adduserdb that you linked me is a cPanel API call. These are called and used differently as they affect different levels of the server.

      Although the page you linked is the cPanel API 1 documentation I’d recommend using the UAPI system here as it’s newer and a bit easier to work with.

      You can find examples of how to contrust UAPI calls here:

      While I can’t really write out exact code in a blog reply you can always put in a support ticket if you’re having trouble with the API calls and we’d be happy to help you out!

      • Thanks, Rex (great new Avatar, by the way). I’ll have a look at those documentation pages, and open a ticket if I get stuck. Appreciate being pointed in the right direction.

        • cPRex

          No problem at all! I didn’t want to post of bunch of code in a blog reply because of formatting and special characters and reasons like that, but the UAPI is actually easier to play with then the other links you provided. I think if you have a chance to go over it and check out some examples you’ll be just fine from the sounds of it.

          I had to update my avatar here to stay consistent with my user prfile on our forums 😀

          • Thanks Rex. I’ve opened ticket id #5784113, as I had problems with using UAPI over Port 2086/7 and/or using .accesshash to authorize the requests. I’m sure the support team will be able to continue to point me in the right direction.