API:Validate Login

Jump to: navigation, search


This command can be used to validate an email address and password against a registered user in WHMCS. If a match is found, it will return successful with the userid and password hash which can then be used to set the $_SESSION['uid'] and $_SESSION['upw'] values respectively in the users session to auto log the user in to WHMCS.


  • email - the email address of the user trying to login
  • password2 - the password they supply for authentication

Example Command

External API

 $postfields["action"] = "validatelogin";
 $postfields["email"] = "[email protected]";
 $postfields["password2"] = "abc123";

Internal API

 $command = "validatelogin";
 $adminuser = "admin";
 $values["email"] = "[email protected]";
 $values["password2"] = "abc123";
 $results = localAPI($command,$values,$adminuser);

Successful Response

 result = success
 userid = matching client ID (if successful)
 contactid = (if a sub-account of a client)
 passwordhash = the password hash needed for the login session

Error Response

result=error&message=Email or Password Invalid # Invalid Email or Password Given.