crspyjohn Posted September 20, 2013 (edited)

Hi,

Is using an API Access Key safe for a public iPhone application for signup, checking billing information, etc.? I'm worried that if the app is jailbroken, then the access key/admin/password would be public. I looked at the sample JSON code here: http://docs.whmcs.com/API:JSON_Sample_Code. Does the WHMCS API support SSL?

John

PHPCore Posted September 20, 2013

One thing I always do is change

    $url = "http://www.yourdomain.com/includes/api.php"; # URL to WHMCS API file goes here
    $username = "Admin"; # Admin username goes here
    $password = "demoxyz"; # Admin password goes here

    $postfields = array();
    $postfields["username"] = $username;
    $postfields["password"] = md5($password);

to

    $url = "http://www.yourdomain.com/includes/api.php"; # URL to WHMCS API file goes here
    $username = "Admin"; # Admin username goes here
    $password = "d097c0b5730d44f798dc67b4d71e91e9"; // this is an md5 of the admin's password

    $postfields = array();
    $postfields["username"] = $username;
    $postfields["password"] = $password;

That way the password is an MD5 and not plain text, you can get an MD5 by going to http://www.md5.cz/ or running this in PHP:

    <?php
    $plaintext = "PUT PASSWORD HERE";
    $getmd5 = md5($plaintext);
    echo $getmd5;
    ?>

crspyjohn Posted September 20, 2013 (Author)

Can you limit the Admin API access? Like the API user can only add accounts?

PHPCore Posted September 20, 2013

Sorry but no, the WHMCS API is encoded. There is currently no way of doing so. Good idea though.

HardSoftCode Posted September 20, 2013

Hi,

I don't think you can use the WHMCS API for a mobile app. You need to make your own API and include a (Pass Key) and (API Key). In your mobile app you enter these 2 keys and then the app will be activated. Also, you need to have code in WHMCS to reset the keys if needed.
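
One way to build the separate API suggested in the last reply, as an added example that is not part of the original thread and is not WHMCS code: a server-side gateway keeps the admin credentials off the phone, checks a per-app key that can be reset, and forwards only allowlisted actions and fields over HTTPS. The action name `addclient`, its field list, the app id, the keys and every function name here are assumptions for illustration; check action and field names against the WHMCS API documentation.

```php
<?php
// Added example: server-side gateway in front of the WHMCS API (not WHMCS code).
// The action name, field list, app id and keys below are assumptions.
const ALLOWED = ['addclient' => ['firstname', 'lastname', 'email', 'password2']];

// Per-app keys, stored hashed so a key can be reset without touching the admin login.
function appKeyStore(): array {
    return ['iphone-app' => hash('sha256', 'constructed-sample-app-key')];
}

function verifyAppKey($appId, $key): bool {
    if (!is_string($appId) || !is_string($key)) return false;
    $store = appKeyStore();
    return isset($store[$appId]) && hash_equals($store[$appId], hash('sha256', $key));
}

// Returns the POST fields for WHMCS, or null when the request must be rejected.
function buildWhmcsRequest(array $in, string $adminUser, string $adminPass): ?array {
    if (!verifyAppKey($in['app_id'] ?? '', $in['app_key'] ?? '')) return null;
    $action = $in['action'] ?? '';
    if (!is_string($action) || !isset(ALLOWED[$action])) return null;
    // Admin credentials are added here, on the server; the app never holds them.
    $post = ['username' => $adminUser, 'password' => md5($adminPass),
             'action' => $action, 'responsetype' => 'json'];
    foreach (ALLOWED[$action] as $f) {   // copy only allowlisted string fields
        if (isset($in[$f]) && is_string($in[$f])) $post[$f] = $in[$f];
    }
    return $post;
}

// Sends the fields to WHMCS; plain HTTP is refused and certificate checks stay on.
function forwardToWhmcs(string $url, array $post) {
    if (stripos($url, 'https://') !== 0) return false;
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_POST => true, CURLOPT_POSTFIELDS => http_build_query($post),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_SSL_VERIFYPEER => true, CURLOPT_SSL_VERIFYHOST => 2,
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body;
}

// Constructed sample requests; nothing is sent over the network here.
$ok  = ['app_id' => 'iphone-app', 'app_key' => 'constructed-sample-app-key',
        'action' => 'addclient', 'email' => 'new@example.com', 'extra' => 'dropped'];
$bad = ['action' => 'not-on-the-allowlist'] + $ok;
var_dump(buildWhmcsRequest($ok, 'Admin', 'placeholder-password'));
var_dump(buildWhmcsRequest($bad, 'Admin', 'placeholder-password'));
```

In a real deployment the key store and admin credentials would come from server-side configuration, and `forwardToWhmcs()` would be called only with the array returned by `buildWhmcsRequest()`.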