WHMCS Single Sign-On
WHMCS Single Sign-on allows trusted applications and third parties to authenticate users into a WHMCS installation automatically, without the user having to re-authenticate.
Users are redirected to a specific WHMCS client area destination based on a single-use access token acquired by your trusted system.
You can leverage WHMCS SSO via the following methods:
The CreateSsoToken API allows you to script your own token generation, on demand, and is a powerful way to provide redirection from one secure system you operate into WHMCS.
Applications rely on under-the-hood mechanisms using an existing trust between your WHMCS and a remote client resource to provide seamless login from the resource into WHMCS.
The following applications are known to support and integrate WHMCS Single Sign-On:
Q. What if my customer doesn't want Single Sign-On?
A. A client area security setting means end users are in complete control of whether or not Single Sign-On is allowed for their client account. They can enable/disable it at any time simply via the Account > Security Settings section of the client area.
Q. How secure is it?
A. Our Single Sign-On implementation is based on the popular and widely used OAuth 2.0 authorization framework which outlines a secure workflow for accessing user data while protecting their account credentials.
Q. I'm a developer, how can I use it?
A. Developers should refer to our WHMCS Single Sign-On Developer Guide for technical information.