cpanel failed to create a temporary API token



On cPanel servers you can generate an API token via WHM >> Development Manage API Tokens. some time the API token creation for a reseller account leads errors
1. The system failed to create the API token: This error is due to the invalid frontpage ACL that was still left in /var/cpanel/resellers for the users (take an example user1).
In order to resolve this issue :
1. Make a backup of your old file /var/cpanel/resellers # cp -v /var/cpanel/resellers{,.backup.9558369} "/var/cpanel/resellers -> /var/cpanel/resellers.backup"
2. remove this invalid ACL for the user1, # sed -i s/frontpage,//g /var/cpanel/resellers save the file and restart the cPanel will solve this issue. --------------------------------------------------------------------------------------------------------
If you are experiencing this issue with other users as well, the frontpage ACL can be globally removed from the file with this command:
sed -i.bak s/frontpage,//g /var/cpanel/resellers

This would remove the frontpage ACL from the other users as well.

A sample /var/cpanel/resellers file should like this, (user1:acct-summary,add-pkg,allow-addoncreate,allow-parkedcreate,allow-unlimited-bw-pkgs,allow-unlimited-disk-pkgs,allow-unlimited-pkgs,basic-system-info,basic-whm-functions,cors-proxy-get,cpanel-api,cpanel-integration,create-acct,create-dns,create-user-session,digest-auth,edit-account,edit-dns,edit-mx,edit-pkg,frontpage,generate-email-config,kill-acct,kill-dns,limit-bandwidth,list-accts,list-pkgs,mailcheck,manage-api-tokens,manage-dns-records,manage-oidc,manage-styles,mysql-info,news,ns-config,park-dns,passwd,public-contact,quota,show-bandwidth,ssl,ssl-gencrt,ssl-info,stats,status,suspend-acct,track-email,upgrade-account).

2. Sometimes you may see the below error while generating API Tokens

The system failed to create the API token: Invalid or unauthorized ACLs specified: disallow-shell and frontpage

The disallow-shell error is due to that being a setting that used to exist in older versions of cPanel, but it was removed at some point (not in v70, but even earlier than that). By adding the missing reseller options will fix the issue.

The below scripts will add these missing options,

/scripts/fix_reseller_acls fix-disallow-shell all-resellers all-acl-lists

for adding these options for the single user, please follow the below scripts

/usr/local/cpanel/scripts/fix_reseller_acls add-default-privs reseller user1

This will help you to create API tokens without any issues.