Billing System API Tokens
Overview
When you connect an external billing system (WHMCS, Blesta, HostBill, or anything that talks to the platform's billing API) it needs a way to authenticate its requests. That is what a billing API token is: a long secret string the external system attaches to every API call, plus a stored record on the Master that ties the token to a specific source IP.
Tokens are generated, listed, enabled, disabled and removed from the management server's shell using the hvcli api:billing-token command. The token's secret value is shown exactly once, at creation time, and is never recoverable afterwards.
Concepts
- A token is a UUID-keyed record stored on the Master. Each token has a name, an optional description, the source IP it is bound to, and an enabled/disabled flag.
- The token ID (a UUID) is what you use to enable, disable or remove a token later. The token itself (the actual secret) is shown only at creation time.
- An IP-bound token is rejected if it arrives from any IP other than the one it was created for. This means a leaked token cannot be used from an attacker's server.
Admin steps
Generate a new token
SSH into the management server and run:
hvcli api:billing-token generate
You will be prompted for:
- IP Address: the public IP of the billing system that will use this token (for example, your WHMCS server's IP).
- Name: a label for your own reference, for example
WHMCS-Production. - Description: optional free text.
Sample output:
Success! Your new API token:
Token ID: 550e8400-e29b-41d4-a716-446655440000
Token: *********
WARNING: This token will NEVER be shown again!
Copy the Token value into the billing system's configuration immediately. If you lose it, you have to generate a new token; there is no recovery flow.
List existing tokens
hvcli api:billing-token list
Sample output:
+--------------------------------------+------------------+---------------------+----------------+---------+
| ID | Name | Description | IP Address | Enabled |
+--------------------------------------+------------------+---------------------+----------------+---------+
| 550e8400-e29b-41d4-a716-446655440000 | WHMCS-Production | Primary integration | 203.0.113.45 | Yes |
| 3d8d8e80-2b97-11ed-a261-0242ac120002 | Backup-System | Failover server | 198.51.100.10 | No |
+--------------------------------------+------------------+---------------------+----------------+---------+
The ID column is what you pass to enable, disable or remove commands.
Enable, disable or remove a token
# Enable a previously disabled token
hvcli api:billing-token enable 550e8400-e29b-41d4-a716-446655440000
# Temporarily turn a token off without deleting it
hvcli api:billing-token disable 550e8400-e29b-41d4-a716-446655440000
# Delete a token permanently
hvcli api:billing-token remove 550e8400-e29b-41d4-a716-446655440000
Disabled tokens are kept in the list but every API call using them is rejected.
Security best practices
- Store the token in the billing system's encrypted credentials store, not in plain text files.
- Always set an IP restriction; never leave the IP blank.
- Rotate tokens every 6-12 months. Generate a new one, swap it in the billing system, then
removethe old one. - Disable immediately if a token may have leaked; investigate before removing.