Difference between revisions of "OAuth"
(→More Information) |
(→How does authentication work?) |
||
(One intermediate revision by one other user not shown) | |||
Line 8: | Line 8: | ||
There are several reasons we use OAuth. Most importantly, your app doesn't need to store or transmit the user's WHMCS password. OAuth also allows the user to authorize only a limited set of permissions and the user may revoke access at any time. This makes OAuth a safer and more secure form of API authorization for your users. | There are several reasons we use OAuth. Most importantly, your app doesn't need to store or transmit the user's WHMCS password. OAuth also allows the user to authorize only a limited set of permissions and the user may revoke access at any time. This makes OAuth a safer and more secure form of API authorization for your users. | ||
− | ==OAuth | + | ==Related Features== |
+ | |||
+ | * [[WHMCS Single Sign-On]] | ||
+ | * [[Application Links]] | ||
+ | * [[OpenID Connect]] | ||
+ | |||
+ | ==Typical OAuth/OpenID Connect Workflow== | ||
Here's how the process works. | Here's how the process works. | ||
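Review bot: The new heading "Typical OAuth/OpenID Connect Workflow" brings OpenID Connect into the section title, but the paragraph above the hunk speaks only of OAuth and nothing in the hunk says how the two relate. Suggest one sentence under the heading stating that the steps apply to both, or leave OpenID Connect to the "Related Features" list, where it is already linked.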
Line 17: | Line 23: | ||
#After the user approves your app, they'll be redirected back to your app with an authorization code. | #After the user approves your app, they'll be redirected back to your app with an authorization code. | ||
#Your app can then use this authorization code to make a request for a re-usable access token which can be used to make subsequent requests to the WHMCS API. This takes place in the background and should not be visible to end users. | #Your app can then use this authorization code to make a request for a re-usable access token which can be used to make subsequent requests to the WHMCS API. This takes place in the background and should not be visible to end users. | ||
+ | |||
+ | ==How does authentication work?== | ||
+ | |||
+ | All OAuth requests require a valid API Client Credential Identifier and Secret. Credentials for OpenID connect can be created via the [[OpenID Connect]] admin interface. For Single Sign-On credentials, we recommend using the Provisioning Module API for Application Links. Alternatively, you can provision and manage OAuth Client Credentials via the WHMCS API. | ||
+ | |||
+ | The following API commands exist for interacting with OAuth/OpenID Connect credentials in WHMCS: | ||
+ | |||
+ | * [https://developers.whmcs.com/api-reference/listoauthcredentials/ ListOAuthCredentials] | ||
+ | * [https://developers.whmcs.com/api-reference/createoauthcredential/ CreateOAuthCredential] | ||
+ | * [https://developers.whmcs.com/api-reference/updateoauthcredential/ UpdateOAuthCredential] | ||
+ | * [https://developers.whmcs.com/api-reference/deleteoauthcredential/ DeleteOAuthCredential] | ||
==More Information== | ==More Information== | ||
For more information, please refer to our [[OpenID Connect|OpenID Connect User Guide]] and [[OpenID Connect Developer Guide]]. | For more information, please refer to our [[OpenID Connect|OpenID Connect User Guide]] and [[OpenID Connect Developer Guide]]. |
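Review bot: In the added "How does authentication work?" section, the first sentence says all OAuth requests need a Client Credential Identifier and Secret, while the step just above it says the token request "takes place in the background"; the section should say explicitly that the Secret belongs only in that background request and not in the redirect the user sees. In the same paragraph, "Credentials for OpenID connect" should read "OpenID Connect" to match the link text that follows it.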
Latest revision as of 08:55, 13 April 2017
If you have an app or service that needs to interact with WHMCS on behalf of your users, you need to leverage OAuth. WHMCS uses OAuth 2, an open specification, which allows users to authenticate with WHMCS to both verify their identity and give your app permission to access their data.
Once authorization is completed by a user, the OAuth process returns an access token to your app. The access token is a string generated by the WHMCS instance that you'll need to send with each subsequent API request to uniquely identify both your app and the end user.
There are several reasons we use OAuth. Most importantly, your app doesn't need to store or transmit the user's WHMCS password. OAuth also allows the user to authorize only a limited set of permissions and the user may revoke access at any time. This makes OAuth a safer and more secure form of API authorization for your users.
Related Features
- WHMCS Single Sign-On
- Application Links
- OpenID Connect
Typical OAuth/OpenID Connect Workflow
Here's how the process works.
1. User presses a "Connect to WHMCS" button inside your app.
2. Your app redirects the user to the WHMCS installation.
3. The user logs into WHMCS and authorizes your app to access their WHMCS account using the permissions your app has requested.
4. After the user approves your app, they'll be redirected back to your app with an authorization code.
5. Your app can then use this authorization code to make a request for a re-usable access token which can be used to make subsequent requests to the WHMCS API. This takes place in the background and should not be visible to end users.
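The redirect, callback and token-exchange steps above, sketched as the app-side logic of a standard OAuth 2 authorization code flow. This is an added example, not WHMCS code: the endpoint URL, client credentials, redirect URI and the `openid` scope are placeholder assumptions, and the `state` check is the usual OAuth 2 defence against a forged callback rather than something this page specifies.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed placeholders: the page gives no endpoint paths, scopes or credentials.
AUTHORIZE_URL = "https://whmcs.example.com/AUTHORIZE-ENDPOINT"
CLIENT_ID = "EXAMPLE-CLIENT-ID"
CLIENT_SECRET = "EXAMPLE-CLIENT-SECRET"  # server side only, never sent to the browser
REDIRECT_URI = "https://app.example.com/callback"


def begin_authorization(session, scope="openid"):
    """Redirect step: build the URL and bind a random state to the user's session."""
    session["oauth_state"] = secrets.token_urlsafe(32)
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": session["oauth_state"],
    })
    return f"{AUTHORIZE_URL}?{query}"


def handle_callback(session, callback_url):
    """Callback step: accept the authorization code only if state matches this session."""
    params = parse_qs(urlparse(callback_url).query)
    expected = session.pop("oauth_state", None)  # single use: a replayed callback fails
    returned = params.get("state", [""])[0]
    if expected is None or not hmac.compare_digest(expected.encode(), returned.encode()):
        raise ValueError("state mismatch: callback was not started by this session")
    if "error" in params:
        raise ValueError("authorization denied: " + params["error"][0])
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return params["code"][0]


def token_request_body(code):
    """Token step: form fields for the background POST that carries the client secret."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "client_secret": CLIENT_SECRET,
    }
```

The dictionary from `token_request_body` is what the app's server would POST to the token endpoint; the browser only ever sees the URL from `begin_authorization` and the callback.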
How does authentication work?
All OAuth requests require a valid API Client Credential Identifier and Secret. Credentials for OpenID Connect can be created via the OpenID Connect admin interface. For Single Sign-On credentials, we recommend using the Provisioning Module API for Application Links. Alternatively, you can provision and manage OAuth Client Credentials via the WHMCS API.
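The following API commands exist for interacting with OAuth/OpenID Connect credentials in WHMCS:
- ListOAuthCredentials (https://developers.whmcs.com/api-reference/listoauthcredentials/)
- CreateOAuthCredential (https://developers.whmcs.com/api-reference/createoauthcredential/)
- UpdateOAuthCredential (https://developers.whmcs.com/api-reference/updateoauthcredential/)
- DeleteOAuthCredential (https://developers.whmcs.com/api-reference/deleteoauthcredential/)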
More Information
For more information, please refer to our OpenID Connect User Guide and OpenID Connect Developer Guide.