• The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Changes in API permissions

B

BruceT

New Pleskian
There has been a recent upgrade that seems to have changed the way the API permissions work and I am struggling to correct the change. I have built a program so I can update my mail aliases and it has been working fine for a few years. It worked fine with a user created on the power panel version of panel with permissions granted to the mail only. Now it returns a 1006 permission denied error using the API-RPC interface. You can log into the panel and it correctly shows just the mail parts of the relevant domain.

The program works fine if you use my admin login details, but not the other one. I have tried adding all the possible permissions but it make no difference.

I don't seem to be able to work out how to fix this. Any help appreciated.

thanks
Bruce
 
Just to start with - exact API-RPC queries, return codes and error messages could be helpful here.
 
Thanks.

The query is:
<packet version=\"1.6.3.0\">
<mail>
<get_info>
<filter>
<site-id>1</site-id>
<name>mailboxname</name>
</filter>
<aliases/>
</get_info>
</mail>
</packet>

(I've changed the actual values sent).
The return is error 1006 permission denied.

Prior to the recent upgrade this worked fine with a user created on the power view of the panel with mail permissions granted. It still works fine if using the admin log in details. So I think something has changed in the permission to use the API-RPC. I have tried creating a new user and different configurations of permissions but still the same error occurs. If I create an auxiliary admin the query works.
I am keen not to use my admin details for this and having a separate user with limited permissions is better for me.

thanks
Bruce
 
Hi, if that domain belongs to a customer-level or reseller-level account, you can execute API request with their credentials. If that's domain of admin, API RPC has to be called with Admin credentials. To secure credentials we recommend using Secret Keys

http://download1.parallels.com/Plesk/PP11/11.5/Doc/en-US/online/plesk-api-rpc/about.htm

At the moment, the use of the API RPC protocol is allowed to Administrator, resellers and customers. These users are provided with programmatic means of managing various Panel objects they own.

Administrator is allowed to perform all operations of whatever version of all available protocol versions.
Resellers have access to a limited number of operations within each particular version of API RPC. When using a reseller account, a strict requirement is that option Ability to use API RPC is selected in the reseller subscription properties, the Permissions tab.
Customers have access to a limited number of operations within each particular version of API RPC. The access to API RPC is granted to all customers by default and it cannot be turned off.
 
Thank you for the information. It explains the change I was experiencing. I can now work out how to re jig things

thanks
 
You must log in or register to reply here.

Similar threads

S
Question Incoming mail go straight to the trash
Replies
3
Views
287
enerspace
enerspace
I
Issue Selinux switches to permissive when updating modsecurity rules
Replies
10
Views
2K
ivanes82
I
P
Question Error 200 delete User API REST
Replies
4
Views
706
Pierre Ringenbach
P
S
Resolved Rest API Fatal Errors
Replies
6
Views
1K
Sebahat.hadzhi
Sebahat.hadzhi
M
Issue Sub domain additional nginx directives
Replies
1
Views
608
Vladimir C.
V
Back
Top