Restricting Remote Access via XML API

For integration purposes, Plesk has the API called XML API that lets third party-software interact with Plesk. This interface allows Plesk operations, for example, creating customer accounts or subscriptions, to be called remotely. At the same time, the remote API can be used for malicious purposes. For example, an attacker can try to use the API to gain control over your server.

To improve Plesk protection from attacks that use the remote interface, you can prohibit connections through XML API completely, or allow them only for a limited number of IP addresses that you trust by adding the following lines to the panel.ini file.

To prohibit all connections:

enabled = off

To allow connections only from specific IP addresses:

allowedIPs = <IP_addresses>

<IP_addresses> here is a comma-separated list of IP addresses from which software can connect to Plesk via XML API.


Leave your feedback on this topic here

If you have questions or need support, please visit the Plesk forum or contact your hosting provider.
The comments below are for feedback on the documentation only. No timely answers or help will be provided.