cpanel_uapi
Run one cPanel operation against the cPanel account behind one of the caller's hosting services and return a normalized result { ok, data, errors[], warnings[] }. module is a cPanel UAPI module (e.g. "Email"); function is an operation in that module (e.g. "list_pops"); params is a JSON object of that operation's parameters. Only modules JetHost has enabled are available — an unknown or disabled module returns an error. Within an enabled module every operation passes through, INCLUDING ones that change or delete data, so this is a state-changing, potentially destructive call: confirm with the user before running a mutating operation. The cPanel account is resolved from the owned service; a service the caller does not own returns error=not_found. Requires the cpanel:uapi scope. data is the UAPI payload; cPanel base64-encoded fields (e.g. DNS::parse_zone dname_b64/data_b64/text_b64) are decoded to readable values under the same key without the _b64 suffix. TIP — writing PHP source: a WAF on the request path rejects any params carrying the literal "<?php" (case-insensitive; e.g. Fileman::save_file_content writing a .php file). It surfaces as a transport-level error, NOT an {ok:false} payload. Plain text and PHP files using the short tag "<?" / "<?=" pass through (short tags only run where short_open_tag=On). To deploy PHP files reliably prefer deploy_private_repo (git + .cpanel.yml), which clones over SSH and bypasses this path. NOTE — Fileman has no delete/copy/move/mkdir function; save_file_content cannot create parent directories.
Invoked over the MCP transport with a tools/call request naming this tool.
Authorization #
Requires a valid OAuth 2.1 bearer access_token whose grant includes the cpanel:uapi scope — Manage your hosting account via cPanel — read and change settings on the cPanel features JetHost has enabled (this can modify your account). The broker resolves the caller from the token and returns only records the account owns.
Parameters #
Response #
200 · application/json
Errors #
| Result | When |
|---|---|
| { "error": "unknown_module" } | See the tool description for when this result is returned. |
| { "error": "invalid_function" } | See the tool description for when this result is returned. |
| { "error": "not_found" } | The requested item does not exist, or it belongs to another account. Cross-account IDs are indistinguishable from missing ones by design. |