WebWide Partner Control Center 3.1
Lost your password?

Securing Your WebWide Partner Account – How to Effectively Protect Access and API Usage

Tue, 15. Jul 2025

Protecting your WebWide partner account is essential – especially if you're managing customer data, registering domains, or using the API for automated processes. With just a few key measures, you can significantly increase security and prevent unauthorized access. Below is an overview of the available security features – for both the...

» Show full text

Protecting your WebWide partner account is essential – especially if you're managing customer data, registering domains, or using the API for automated processes. With just a few key measures, you can significantly increase security and prevent unauthorized access.

Below is an overview of the available security features – for both the Web interface and the API.

Password Recommendations

A strong password is your first line of defense against unauthorized access. We recommend:

  • At least 12 characters in length

  • A mix of uppercase and lowercase letters, numbers, and special characters

  • Avoid using real names, company names, or easily guessed words

  • Use a password manager to generate and store secure passwords

You can change your password for the Web interface and API at any time in your account settings.

Two-Factor Authentication (2FA)

Enable two-factor authentication (2FA) for additional login protection.

For the Web Interface:
  • Email-based 2FA: You'll receive a verification code via email each time you log in

  • Authenticator app: Use an app like Google Authenticator or Authy to generate a 6-digit time-based code

For API Access:
  • Enable TOTP authentication in your account settings

  • You'll receive a secret key that can be used with any TOTP library (e.g., Python, PHP, Node.js)

  • The 6-digit TOTP code is valid for 30 seconds and must be sent with each API request via the X-TOTP header

Example header:

X-TOTP: 123456

IP Whitelisting – Restrict Access to Trusted Sources

You can further secure access to both the Web interface and the API by limiting it to specific IP addresses:

  • Define allowed IPs directly in your account settings

  • Access from any unlisted IP will be automatically blocked

  • Strongly recommended for API usage from servers with static IP addresses


Sub-Users with Restricted Permissions

As a reseller, you can create additional user accounts with custom access rights. This is especially useful when multiple team members or departments require access to the system but should not see or use all functions.

Setup is available in the Web interface under “Brand” → “Sub-Users”
Here, you can assign specific roles, such as read-only access, domain management without billing, or technical-only access.


Conclusion

By combining strong passwords, two-factor authentication, IP whitelisting, and role-based access control, you create a robust security foundation for your reseller account. These measures are not only technically effective – they also help build trust with your customers.

If you need assistance with setup or have security-related questions, our support team is here to help at any time.