Fixing error “Access to API is disabled” in Plesk servers
In our role as Outsourced hosting support specialists for web hosts, we manage web servers with various control panels such as Plesk, cPanel, DirectAdmin, etc.
With our years of experience and expertise handling the various control panel related issues in servers. we’ve been able to resolve almost all errors in no time.
Recently we faced an error “Access to API is disabled” related to the Plesk API in the server during account migration attempt from one Plesk server to another, which we’ll discuss here.
For integration purposes, Plesk has an API called the XML API. Using the API, third party-software can interact with Plesk. This interface allows Plesk operations such as creating customer accounts or subscriptions, to be executed remotely.
To perform an operation through XML API, the URL used is “https://<your-host-or-IP>:8443/enterprise/control/agent.php“. Plesk receives the message, perform the operations and returns the operation statuses via API.
[ Focus on your core business without interruptions. Our tech support experts are here to manage your customers 24/7. ]
What causes the error “Access to API is disabled” in Plesk servers
Though the XML API protocol allows interaction between Plesk and third-party software remotely, it can be misused by attackers and can be used for malicious purposes.
By default, the following users have access to the API protocol – Administrator, resellers and customers. These users can perform various operations using the API, but limited to their access levels.
To safeguard the Plesk servers from hijackers, we usually prohibit connections through XML API completely, or restrict the access only for a limited number of IP addresses that are trusted.
For extreme security, we prohibit all connections to the API for protection, by adding the following entry in the Panel config file ‘/usr/local/psa/admin/conf/panel.ini’:
But in most servers, API would be required for common functionalities such as migration or 3rd party software features. So, usually we limit connections to the API only to specific IP addresses:
1. During account migration process, when IP address used to access the API is not in this list of allowed IPs for which login to Plesk with administrator’s privileges is allowed on the destination server, it would show the error ‘Access to API is disabled’.
2. If API is disabled in the target server to which migration is attempted, yet again it would cause the migration to fail, with the error message ‘Access to API is disabled’.
The log files ‘/usr/local/psa/var/modules/panel-migrator/sessions/<session_date>/info.log’ and ‘/usr/local/psa/var/modules/panel-migrator/sessions/<session_date>/info.log’ gives the details of this error.
3. Another reason why the error happens is when the 8443 TCP port is closed on the target server for any security reasons, and connection to that port fails, causing the migration to fail.
We verify the connectivity to the target server using ‘telnet’ command to the port 8443 of target server. The error message in that case is also ‘Access to API is disabled’.
[ Use your time to build your business. We’ll take care of your customers. Hire our tech support specialists at affordable pricing. ]
How to resolve the error “Access to API is disabled” in Plesk servers
To resolve the API access error, we first check the reason for the error and apply the fix based on the cause for it, which was discussed in the previous section.
All these fixes have to be done on the target server, which is usually the destination server to which migration is attempted, or any other server that returns this API error.
1. The first step is to ensure that connectivity to port 8443 is allowed in the destination server. If the telnet shows failure in connecting, we allow connection to 8443 TCP port on the target server:
# iptables -I INPUT 1 -p tcp --dport 8443 -j ACCEPT
After allowing the port, we check the connectivity from the remote IP to the destination server using ‘telnet’ and confirm its working fine.
2. If API feature is disabled in the destination server, enable API by setting ”enabled = on’ under [api]” in the Panel config file ‘/usr/local/psa/admin/conf/panel.ini’.
[api] enabled = on
3. If the error message shows ‘error 1006 Access to API is disabled for IP-address’, it means that the specified IP address is restricted from accessing the API.
After verifying the authenticity of the IP, we add this IP address to the list of networks from which login to Plesk with administrator’s privileges is allowed on the destination server.
This is done with the option ‘Tools&Settings > Restrict Administrative Access > Add Network’. Once the API is enabled and IP address is allowed access, we attempt migration again and it works fine.
[ You don’t have to lose your sleep to keep your customers happy. Get the best support specialists to care for your customers 24/7. ]
At Bobcares, our 24/7 server specialists constantly monitor all the services in the server and proactively audit the server for any errors or corruption in them.
This enables us to prevent a service downtime for our customers who are web hosts. By following a systematic debugging approach for service or other errors, we have been able to minimize the customer complaints involved.
If you would like to know how to avoid downtime for your customers due to service failures, we would be happy to talk to you.