Oauth2- works for clients, administrators, or both?

Hi,

I'm building an application which is to be used by folks who have a WHMCS administrator account. The app is not available to clients in this WHMCS instance.

Can I use WHMCS Oauth2 for this? Are administrator accounts available via Oauth2?

I've reviewed http://docs.whmcs.com/OpenID_Connect_Developer_Guide and https://forum.whmcs.com/showthread.php?109078-Introducing-WHMCS-Single-Sign-On but they don't explicitly say whether administrators are available in oauth.

Thanks,

Matt Fox

I think its only for customers but I could be wrong.

Why do you want this for administrators in the first place?

Its not like companies have hundreds of people accessing WHMCS Admin side. Regular people should not have access to the admin side, only staff on your company, so I don't see why its so hard to create the accounts manually. I guess you could tap into the database directly but I fail to see why you want this for administrators side which is a security sensitive area already.

You are building an application for folks using WHMCS as administrators right?

I think someone using his WHMCS staff/admin logins with a third party or connecting to an external app without permission would probably be fired in the first place. How many people or companies do you think allow their admin rights to be connected to third party apps? WHMCS does hold sensitive information like server logins and others stuff after all.

I can only see this being used for malicious purposes. Most admins probably also restricted their admin installations in the first place (or should).

There is not an API method for this sadly. But what is your use case here?

I have built Office365 OAuth integration that automatically creates the account in WHMCS etc - it's not documented, but you have to use the internal classes. I had to use the PHP function get_class_methods to find out how to do it.

Is this what you're trying to do?

There is not an API method for this sadly. But what is your use case here?

 

I have built Office365 OAuth integration that automatically creates the account in WHMCS etc - it's not documented, but you have to use the internal classes. I had to use the PHP function get_class_methods to find out how to do it.

 

Is this what you're trying to do?

No, it's the other way around. I'm not trying to manage WHMCS admin accounts, I'm trying to use those accounts to grant access to my application, just to avoid yet another place where an account needs to be created or removed when employees change.

Thanks for your input. Looks like we'll just manage accounts in this app manually.