The CloudPanel API is secured by using an API key, user permissions, and IP addresses. Each API key is tied to a user in CloudPanel and locked down so the key can only be used by specific IP Addresses. Since the API is bound to a user in the CloudPanel database, it will inherit the same permissions as if the user were to log into the CloudPanel portal.
The API key must be passed as a query parameter for all requests.