Question
How to create a Plesk XML API access token and how to use it for XML API passwordless authentication?
Answer
A secret key can be obtained from Plesk via XML API or from CLI and then it can be used for passwordless authentication instead of the username and password.
To create a secret key for the Plesk administrator account:
-
Connect to the server via SSH
-
Specify the IP address and description that will be linked to this secret key and its description:
# plesk bin secret_key -c -ip-address 203.0.113.2 -description "Admin access token"
778a476a-cf1c-7434-ea47-9f229d70e934Note: you may specify a few Ip addresses devided by comma.
-
Afterward, the Plesk secret key can be used placing it on the HTTP header request with the
KEY
parameter:Note: Where
778a476a-cf1c-7434-ea47-9f229d70e934
is the admin access token, theapi.rpc
is a file containing the XML request and203.0.113.10
is the Plesk server IP address# curl -kLi -H "Content-Type: text/xml" -H "KEY: 778a476a-cf1c-7434-ea47-9f229d70e934" -H "HTTP_PRETTY_PRINT: TRUE" -d @api.rpc https://203.0.113.10:8443/enterprise/control/agent.php
In case it's necessary to create a Plesk XML API access token for another Plesk user:
-
Create a secret key for the Plesk administrator account by following the steps described above
-
Create the file
api.rpc
with the following content:Note: Where
203.0.113.2
is the IP allowed for the connection and the loginjdoe
is the Plesk user<packet>
<secret_key>
<create>
<ip_address>203.0.113.2</ip_address>
<login>jdoe</login>
</create>
</secret_key>
</packet> -
Send the API request:
Note: Where
778a476a-cf1c-7434-ea47-9f229d70e934
is the admin access token, theapi.rpc
is a file containing the XML request created on the previous step and203.0.113.10
is the Plesk server IP address# curl -kLi -H "Content-Type: text/xml" -H "KEY: 778a476a-cf1c-7434-ea47-9f229d70e934" -H "HTTP_PRETTY_PRINT: TRUE" -d @api.rpc https://203.0.113.10:8443/enterprise/control/agent.php
The API response will provide the access token belonging to the Plesk user:
<?xml version="1.0" encoding="UTF-8"?>
<packet version="1.6.9.1">
<secret_key>
<create>
<result>
<status>ok</status>
<key>e4b01d73-7368-64a6-0515-9fa8fc1d3a78</key>
</result>
</create>
</secret_key>
</packet> -
Afterward, the secret key belonging to the Plesk user can be used for Plesk XML API requests:
Note: Where
e4b01d73-7368-64a6-0515-9fa8fc1d3a78
is the Plesk user access token, theapi.rpc
is a file containing the XML request and203.0.113.10
is the Plesk server IP address# curl -kLi -H "Content-Type: text/xml" -H "KEY: e4b01d73-7368-64a6-0515-9fa8fc1d3a78" -H…