WHMCS Single Sign-On

From WHMCS Documentation

WHMCS Single Sign-on allows trusted applications and third parties to authenticate users into a WHMCS installation automatically, without the user having to re-authenticate.

Users are redirected to a specific WHMCS client area destination based on a single-use access token acquired by your trusted system.

Supported Integrations

You can leverage WHMCS SSO via the following methods:


The CreateSsoToken API allows you to script your own token generation, on demand, and is a powerful way to provide redirection from one secure system you operate into WHMCS.

Supported Applications

Applications rely on under-the-hood mechanisms using an existing trust between your WHMCS and a remote client resource to provide seamless login from the resource into WHMCS.

The following applications are known to support and integrate WHMCS Single Sign-On:


Q. What if my customer doesn't want Single Sign-On?
A. A client area security setting means end users are in complete control of whether or not Single Sign-On is allowed for their client account. They can enable/disable it at any time simply via the Account > Security Settings section of the client area.

Q. How secure is it?
A. Our Single Sign-On implementation is based on the popular and widely used OAuth 2.0 authorization framework which outlines a secure workflow for accessing user data while protecting their account credentials.

Q. I'm a developer, how can I use it?
A. Developers should refer to our WHMCS Single Sign-On Developer Guide for technical information.