In this tutorial, we'll learn how to utilize Plesk APIs to manage task.
As a web hosting provider, streamlining daily tasks through automation is key to scaling your services efficiently. Whether you're managing customer accounts, deploying domains, setting up email addresses, or customizing server configurations — Plesk APIs provide a powerful interface to automate and integrate these actions within your own systems or portals.
We’ll walk through how to leverage the latest Plesk API capabilities to automate hosting management workflows in a secure and production-ready manner. This guide is crafted for developers, sysadmins, and IT entrepreneurs looking to save time, minimize human error, and boost operational agility.
Why Use the Plesk API?
Plesk offers two main interfaces for automation:
- Plesk XML API (legacy) – Still functional but slowly being phased out.
- Plesk REST API (modern) – More developer-friendly, using standard JSON responses, easier authentication, and better integration with external platforms.
This tutorial focuses on the Plesk REST API, as it’s the current and recommended method for automation tasks.
Prerequisites
Before you start using the API, ensure the following:
- A Ubuntu 24.04 dedicated server or KVM VPS.
- You have root or admin access to your Plesk server.
- Plesk version 18.x or later (REST API support is best on newer releases).
- Enable the REST API via the Plesk Extension: “Plesk API”.
- Generate or retrieve an API token for authentication.
To install the REST API extension:
plesk installer --select-release-current --install-component plesk-rest-api
To generate an API token (in Plesk GUI):
- Go to Tools & Settings → API Tokens
- Create a new token, define its permissions (e.g., full admin), and copy it.
Base API Request Structure
Plesk REST API is hosted at:
https://your-server.com:8443/api/v2/
You’ll authenticate by adding a token in your HTTP header:
Authorization: Bearer YOUR_API_TOKEN
Use tools like curl, Postman, or any programming language with HTTP support (Python, PHP, Node.js) to interact with it.
1. Create a New Customer Account
Endpoint:
POST /api/v2/clients
Request:
{
"name": "John Doe",
"login": "johndoe",
"password": "StrongPassword123!",
"email": "john@example.com",
"type": "customer"
}
Sample curl command:
curl -k -X POST https://your-server.com:8443/api/v2/clients \
-H "Authorization: Bearer YOUR_API_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"name": "John Doe",
"login": "johndoe",
"password": "StrongPassword123!",
"email": "john@example.com",
"type": "customer"
}'
2. Create a Domain for a Customer
Once the client is created, you can assign a domain.
Endpoint:
POST /api/v2/domains
Request:
{
"name": "exampledomain.com",
"client_id": 1, // Use the ID returned when creating the client
"hosting_type": "virtual",
"hosting_settings": {
"ftp_login": "exampleftp",
"ftp_password": "FtpPass123!",
"ip_address": "your.server.ip.address"
}
}
3. Create Email Account Under a Domain
Endpoint:
POST /api/v2/mail/mailboxes
Request:
{
"mailname": "info",
"domain": "exampledomain.com",
"password": "EmailPass123!"
}
This will create info@exampledomain.com.
4. List All Subscriptions
This is useful for showing your client a dashboard of active services.
Endpoint:
GET /api/v2/subscriptions
Request:
curl -k -X GET https://your-server.com:8443/api/v2/subscriptions \
-H "Authorization: Bearer YOUR_API_TOKEN"
This returns a list of all active hosting plans assigned to customers.
5. Suspend a Domain or Account (Useful for Non-payment)
Suspend Domain:
PATCH /api/v2/domains/{domain_id}
Request:
{
"status": "suspended"
}
Suspend Client Account:
PATCH /api/v2/clients/{client_id}
Request:
{
"status": "suspended"
}
You can resume by setting "status": "active".
6. Delete a Customer or Domain
Use with caution. These actions are irreversible.
Delete a Domain:
DELETE /api/v2/domains/{domain_id}
Delete a Client:
DELETE /api/v2/clients/{client_id}
Automate with Python Example
Here’s a basic Python snippet using requests:
import requests
BASE_URL = "https://your-server.com:8443/api/v2"
TOKEN = "YOUR_API_TOKEN"
HEADERS = {"Authorization": f"Bearer {TOKEN}", "Content-Type": "application/json"}
def create_customer():
payload = {
"name": "Alice Hosting",
"login": "aliceh",
"password": "Secure123!",
"email": "alice@example.com",
"type": "customer"
}
response = requests.post(f"{BASE_URL}/clients", json=payload, headers=HEADERS, verify=False)
print(response.status_code, response.json())
create_customer()
Make sure to set verify=False only for self-signed SSL certificates.
Security Best Practices
- Always use HTTPS and valid SSL certificates.
- Scope API tokens to only the permissions needed.
- Rotate tokens periodically.
- Use firewall rules or allowlists for IP-restricted access to your Plesk panel.
- Implement rate limiting if integrating into public apps or portals.
Final Thoughts
The Plesk REST API is a powerful tool for modern web hosts looking to eliminate manual tasks and deliver seamless provisioning and control experiences to customers. Whether you're integrating it into your own client dashboard, a billing platform, or automating server provisioning — these endpoints form the backbone of a flexible, scalable infrastructure.
By investing time into API automation today, you’ll future-proof your hosting stack and deliver faster, more reliable services to your clients.
If you’re running your business on Plesk and haven’t embraced its APIs yet — now is the perfect time.
For full documentation, refer to Plesk’s REST API reference (always check the latest version based on your Plesk build).
