WHMCS Single Sign-On

From WHMCS Documentation

WHMCS Single Sign-on allows trusted applications and third parties to authenticate users into a WHMCS installation automatically, without the user having to re-authenticate.

Users are redirected to a specific WHMCS client area destination based on a single-use access token acquired by your trusted system.

Supported Integrations

You can leverage WHMCS SSO through the follow integrations


The CreateSsoToken API allows you to script your own token generation, on demand, and is a powerful way to provide redirection from one secure system you operate into WHMCS.

Supported Applications

Applications rely on under-the-hood mechanisms using an existing trust between your WHMCS and a remote client resource to provide seamless login from the resource into WHMCS.

The following applications are known to support and integrate WHMCS Single Sign-On:


Q. What if my customer doesn't want Single Sign-On?
A. A client area security setting means end users are in complete control of whether or not Single Sign-On is allowed for their client account. They can enable/disable it at any time simply via the Account > Security Settings section of the client area.

Q. How secure is it?
A. Our Single Sign-On implementation is based on the popular and widely used OAuth 2.0 authorization framework which outlines a secure workflow for accessing user data while protecting their account credentials.

Q. I'm a developer, how can I use it?
A. Developers should refer to our WHMCS Single Sign-On Developer Guide for technical information.