API Documentation

Integrate WisPanel with your applications using our comprehensive REST API.

Base URL

https://your-server-ip:2083/api/v1

All API endpoints are relative to this base URL.

Users

Manage user accounts. An admin can manage any user; a reseller can manage only its own users. Base: /api/v1/users · Auth: Authorization: Bearer wsp_…

Error envelope: { "success": false, "code": "VALIDATION_ERROR", "error": "Username, email, and password are required", "message": "…", "status": 400 }


List / get

GET /api/v1/users/ returns an array; GET /api/v1/users/:username returns a single user as a flat object. Response 200 for a single user (verified live):

{ "username": "john", "email": "[email protected]", "role": "user",
  "status": "active", "creator": "admin", "package": "default",
  "max_domains": 1, "max_databases": 2, "max_email_accounts": 5,
  "max_ftp_accounts": 1, "disk_quota_mb": 1024,
  "bandwidth_quota_mb": 5120, "can_use_ssl": true,
  "can_use_ssh": false, "can_use_cron": true,
  "disk_usage_mb": 1, "bandwidth_usage_mb": 0, "domain_count": 0,
  "domains": [], "ips": ["161.248.4.182"],
  "created_at": "2026-05-18T17:46:30+07:00",
  "updated_at": "2026-05-18T17:46:30+07:00" }

Create — POST /api/v1/users/

Request:

{ "username": "john", "email": "[email protected]",
  "password": "S3cure•pass", "role": "user", "package": "default" }

username, email and password are required; role (user|reseller, default user) and package are optional.

Response 201 (verified live — object wrapped in user):

{ "user": { "username": "john", "email": "[email protected]",
    "role": "user", "status": "active", "creator": "admin",
    "package": "default", "max_domains": 1, "max_databases": 2,
    "max_email_accounts": 5, "max_ftp_accounts": 1,
    "disk_quota_mb": 1024, "bandwidth_quota_mb": 5120,
    "can_use_ssl": true, "can_use_ssh": false, "can_use_cron": true,
    "created_at": "2026-05-18T17:46:30+07:00",
    "updated_at": "2026-05-18T17:46:30+07:00" } }

Response 400 (verified live): … "error": "Username, email, and password are required" …

Delete — DELETE /api/v1/users/:username

⚠️ Requires a body confirming the username (a plain DELETE → 400 Invalid request body).

Request:

{ "confirm_username": "john" }

Response 200 (verified live):

{ "message": "User permanently deleted",
  "deleted_domains": 0, "deleted_databases": 0,
  "deleted_cronjobs": 0 }

Update / limits / status / keys

  • PUT /users/:username { "email": "[email protected]" }
  • PUT /users/:username/limits { "disk_quota_mb": 5120, "max_domains": 10 }
  • PUT /users/:username/status { "status": "suspended" }
  • PUT /users/:username/package { "package": "User 10GB" }

API keys: see Authentication.


Conventions → Authentication, Error Handling.

Rate Limiting

API requests are limited to 60 requests per minute per API token.

  • X-RateLimit-Limit: Maximum requests per minute
  • X-RateLimit-Remaining: Remaining requests
  • X-RateLimit-Reset: Unix timestamp when limit resets
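
An added example (not WisPanel's own code) of client-side handling for the responses documented above: it accepts both the flat GET body and the POST 201 body wrapped in user, raises on the error envelope, and turns the X-RateLimit-* headers into a bounded wait. The names WisPanelError, unwrap_user and rate_limit_delay, the one-window cap on the wait, and the sample values are assumptions.

```python
import time

WINDOW_SECONDS = 60  # the page states 60 requests per minute per API token


class WisPanelError(Exception):
    """A response carrying the documented error envelope."""

    def __init__(self, body):
        self.code = body.get("code")
        self.status = body.get("status")
        super().__init__(body.get("error") or body.get("message") or "API error")


def unwrap_user(body):
    """Return the user dict from a flat (GET) or "user"-wrapped (POST 201) body."""
    if body.get("success") is False:
        raise WisPanelError(body)
    user = body["user"] if isinstance(body.get("user"), dict) else body
    if "username" not in user:
        raise ValueError("response is not a user object")
    return user


def rate_limit_delay(headers, now=None):
    """Seconds to pause before the next call, from the X-RateLimit-* headers."""
    now = time.time() if now is None else now
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    try:
        remaining = int(h["x-ratelimit-remaining"])
        reset = int(h["x-ratelimit-reset"])
    except (KeyError, ValueError):
        return 0.0  # assumption: absent or malformed headers carry no limit info
    if remaining > 0:
        return 0.0
    # Cap the wait at one window so a bogus reset value cannot stall the client.
    return float(min(max(reset - now, 0), WINDOW_SECONDS))


# Constructed sample inputs (not captured from a real server).
SAMPLE_HEADERS = {"X-RateLimit-Limit": "60", "X-RateLimit-Remaining": "0",
                  "X-RateLimit-Reset": "1000030"}
SAMPLE_ERROR = {"success": False, "code": "VALIDATION_ERROR", "status": 400,
                "error": "Username, email, and password are required"}

if __name__ == "__main__":
    print(rate_limit_delay(SAMPLE_HEADERS, now=1000000))
```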