Accessing Remote API as non-root user

Using PHP, I’d like to programmatically pull a list of domains using with the Remote API to display on an authenticated web page. However, I don’t want to store the root password on that server, for security reasons.

According to the documentation, “Only the master administrator can access the remote API though, as it can be used to perform almost any action in Virtualmin, and thus would be unsafe for server owners or resellers to use.” (

Can I create a second master administrator to do this? Preferably, I’d like to create a user that DOESN’T have ssh access to the server, and limit their permissions to only accessing

What is the best approach to doing this?

Answering my own question.

After experimenting with webmin user permissions, it appears the only module the user needs permission to use is Virtualmin Virtual Servers. I edited the webmin.acl file to add “virtual-server” permission to the user, and the Remote API call is working.