Reseller Control Panel

User passwords expire every 180 days. When a user signs into the RCP with an expired password, they will be prompted to create a new password.

Previously, changing the password at the prompt was optional, but in the interest of increased security, we have decided to make it mandatory.


Our platform supports two options for API authentication; your username with either your password or with password hash. Please see our API Documentation for more details.

Please note, every time you change your password in the RCP, a new hash value will be generated for the corresponding username.  If your hash expires (every 180 days), your API calls will fail and return an authentication error.

Some other reasons to change your password/password hash:

  • If you saw someone looking over your shoulder as you were typing your password
  • If you have reason to believe your password has been stolen
  • If you shared your password with a friend or colleague
  • If your current password is weak
  • If it will make you feel better or if you just feel like it’s time for a change

If any of these apply to you, then by all means go ahead and change your password and password hash!

Future Plans

By the end of May, we will be providing you more control over which of your contacts have API access. By default, API access for newly created accounts will not be active. To enable API access for a given contact, the administrator contact must explicitly enable API access. Once this feature is available, we’ll make an additional announcement for you to review which of your contacts are actually used for API integrations, and advise you to switch off access for others.

Please take a look at our recent blog post about security.

You must be logged in to post a comment.