Postman Collection
Postman Collection
WisPanel ships an official Postman collection covering all 116 endpoints across 15 folders. Use it for interactive exploration, prototype scripts, or as a reference when wiring the API into a client.
Download
The current collection lives in the SDK release bundle:
sdk/whmcs/wispanel-api.postman_collection.json
Or fetch a copy from the panel's docs distribution. Future releases will pin a stable URL on https://wispanel.com/downloads/.
Folder layout
| # | Folder | Endpoints |
|---|---|---|
| 01 | Auth & Session | 14 (login, 2FA, login-as, audit, sessions) |
| 02 | Users & Resellers | 14 (CRUD, sessions, paginated lists) |
| 03 | Domains | 13 (CRUD, vhost, paginated) |
| 04 | DNS | 6 (zones, records) |
| 05 | SSL Certificates | 5 (issue, renew, CSR) |
| 06 | Databases | 5 (CRUD, paginated) |
| 07 | 7 (accounts, forwarders) | |
| 08 | FTP | 3 |
| 09 | File Manager | 10 |
| 10 | Cron Jobs | 4 |
| 11 | Backup & Restore | 5 |
| 12 | WordPress | 4 |
| 13 | Security | 9 |
| 14 | System & Services | 12 (incl. resource widget endpoints) |
| 15 | Webhooks | 5 (subscribe, list, get, patch, delete) |
Setup
The collection ships with three variables:
| Variable | Default | Purpose |
|---|---|---|
base_url |
https://YOUR_SERVER:3082 |
Your panel URL |
token |
empty | JWT from POST /auth/login, set on the Auth folder |
username |
john |
Used as :username path param in user-scoped endpoints |
domain |
example.com |
Used as :domain path param |
- Click the collection root → "Variables" tab.
- Set
base_urlto your panel. - Run the Login request in folder 01. Copy the returned
tokeninto thetokenvariable. - Subsequent requests authenticate automatically via Bearer auth.
Idempotency-Key examples
Mutating endpoints in folders 02, 03, and 15 ship with an
Idempotency-Key: {{$guid}} header pre-populated. Postman's $guid
generates a fresh UUID per send; the panel deduplicates retries
within 24 hours.
To force a deliberate retry of the same operation, replace $guid
with a literal UUID and re-send — the response body is replayed and
the panel does not execute the operation a second time.
v1.4.1 highlights documented inline
The collection's top-level description summarises the v1.4.1 features your client should be aware of:
- Sliding-window token refresh (watch for
X-New-Tokenheader) - Per-role IP binding defaults
- TokenVersion (
tv) revocation - Login-as 2FA gate
- Rate-limit response headers
- Opt-in pagination on list endpoints
- Idempotency-Key contract
- OpenAPI 3.0 spec at
GET /openapi.yaml
Codegen
Postman can export to many formats. For a typed client, prefer the
OpenAPI spec at GET /openapi.yaml (no auth required) which is
machine-generated and stays in sync with each release.
curl -o openapi.yaml https://YOUR_SERVER:3082/openapi.yaml
openapi-generator-cli generate -i openapi.yaml -g php -o ./client