We have a new documentation site for cPanel & WHM! You can find our new documentation site at docs.cpanel.net.

We will continue to maintain our API documentation on this server.

Child pages
  • WHM API 1 Functions - add_zone_key
Skip to end of metadata
Go to start of metadata

Description

This function generates a DNSSEC zone key for a domain.

Note:

Only servers that run PowerDNS can use DNSSEC. If you call this function on a server that doesn't use PowerDNS, you will receive an error.


Note:

  • After you enable DNSSEC on the domain, you must add the Delegation of Signing (DS) records to your zone record and your registrar.
  • You cannot modify the DNSSEC security key. To make any changes, you must disable, delete, and re-create the DNSSEC security key.

Examples 


 JSON API
https://hostname.example.com:2087/cpsess##########/json-api/add_zone_key?api.version=1&domain=example.com&algo_num=8&key_type=ksk&key_size=2048&active=1
 Command Line
whmapi1 add_zone_key domain=example.com algo_num=8 key_type=ksk key_size=2048 active=1


Notes:

  • Unless otherwise noted, you must URI-encode values.
  • For more information and additional output options, read our Guide to WHM API 1 documentation or run the whmapi1 --help command.
  • If you run CloudLinux™, you must use the full path of the whmapi1 command:

    /usr/local/cpanel/bin/whmapi1

 Output (JSON)
{
   "data":{
      "new_key_id":"1"
   },
   "metadata":{
      "version":1,
      "command":"add_zone_key",
      "reason":"OK",
      "result":1
   }
}


Note:

Use WHM's API Shell interface (WHM >> Home >> Development >> API Shell) to directly test WHM API calls.

Parameters

ParameterTypeDescriptionPossible valuesExample
domainstring

Required

The domain for which to enable DNSSEC.

A valid domain.example.com
algo_numinteger

Required

The algorithm that the system uses to generate the security key.

  • 5 — RSA/SHA-1
  • 6 — DSA-NSEC3-SHA1
  • 7 — RSASHA1-NSEC3-SHA1
  • 8 — RSA/SHA-256
  • 13 — ECDSA Curve P-256 with SHA-256
  • 14 — ECDSA Curve P-384 with SHA-384

Note:

We recommend that you use a ECDSA Curve P-256 with SHA-256 (13) value if your registrar supports it.

13
key_typestring

Required

The type of security key to add.

  • ksk — Key Signing Key.
  • zsk — Zone Signing Key

Note:

You must call these values in lowercase.

ksk
activeBoolean

Whether to activate the new security key.

This parameter defaults to 1.

  • 1 — Activate.
  • 0 — Do not activate.
1
key_sizeinteger

The security key size, in bits.

This parameter defaults to the following values, depending on the algo_num and key_type values:

algo_numkey_type
kskzsk
520481024
620481024
720481024
820481024
13256256
14384384
  • 256
  • 384
  • 1024
  • 2048
2048

Returns

ReturnTypeDescriptionPossible valuesExample
new_key_idstringThe security key's ID.A valid ID.1