Securing Your WebWide Partner Account – How to Effectively Protect Access and API Usage
Tue, 15. Jul 2025
Protecting your WebWide partner account is essential – especially if you're managing customer data, registering domains, or using the API for automated processes. With just a few key measures, you can significantly increase security and prevent unauthorized access. Below is an overview of the available security features – for both the...
» Show full text
Protecting your WebWide partner account is essential – especially if you're managing customer data, registering domains, or using the API for automated processes. With just a few key measures, you can significantly increase security and prevent unauthorized access.
Below is an overview of the available security features – for both the Web interface and the API.
Password Recommendations
A strong password is your first line of defense against unauthorized access. We recommend:
-
At least 12 characters in length
-
A mix of uppercase and lowercase letters, numbers, and special characters
-
Avoid using real names, company names, or easily guessed words
-
Use a password manager to generate and store secure passwords
You can change your password for the Web interface and API at any time in your account settings.
Two-Factor Authentication (2FA)
Enable two-factor authentication (2FA) for additional login protection.
For the Web Interface:
For API Access:
-
Enable TOTP authentication in your account settings
-
You'll receive a secret key that can be used with any TOTP library (e.g., Python, PHP, Node.js)
-
The 6-digit TOTP code is valid for 30 seconds and must be sent with each API request via the X-TOTP
header
Example header:
X-TOTP: 123456
IP Whitelisting – Restrict Access to Trusted Sources
You can further secure access to both the Web interface and the API by limiting it to specific IP addresses:
-
Define allowed IPs directly in your account settings
-
Access from any unlisted IP will be automatically blocked
-
Strongly recommended for API usage from servers with static IP addresses
Sub-Users with Restricted Permissions
As a reseller, you can create additional user accounts with custom access rights. This is especially useful when multiple team members or departments require access to the system but should not see or use all functions.
Setup is available in the Web interface under “Brand” → “Sub-Users”
Here, you can assign specific roles, such as read-only access, domain management without billing, or technical-only access.
Conclusion
By combining strong passwords, two-factor authentication, IP whitelisting, and role-based access control, you create a robust security foundation for your reseller account. These measures are not only technically effective – they also help build trust with your customers.
If you need assistance with setup or have security-related questions, our support team is here to help at any time.