ValidateLogin API returns NULL except with hard-coded credentials

[nodespace]

Hello,

I am trying to use the ValidateLogin API to authenticate users within WHMCS for an external portal I'm building. However, I've noticed something strange and I cannot seem to figure out why. I've noticed similar threads here on my search for an answer and all those threads went without response so I'm expecting the same here, too.

Here's my code connecting to the API:

$postfields = array(
    'identifier' => $api_identifier,
    'secret' => $api_secret,
    'accesskey' => $api_access_key,
    'action' => 'ValidateLogin',
    'email' => "$customerEmail1",
    'password2' => "$customerPassword1",
);

// Call the API
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $whmcsUrl . 'includes/api.php');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($postfields));
$response = curl_exec($ch);
if (curl_error($ch)) {
    die('Unable to connect: ' . curl_errno($ch) . ' - ' . curl_error($ch));
}
curl_close($ch);

// Decode response
$jsonData = json_decode($response, true);

Whenever this runs, $jsonData always returns NULL. However, if I replace $customerEmail1 and $customerPassword1 variables with hard-coded credentials, then it returns the values I expect to see and works perfectly.

I've tried all sorts of ways of ensuring that $customerEmail1 and $customerPassword1 are always returned as strings, but no matter what I've tried, I cannot get it to dynamically work.

Any ideas to try?

Thanks!

[nodespace]

I was able to resolve this. I'm not exactly sure what I did to fix it, but I'll share my code in case others end up in the same situation. I still don't know how my code above worked the way it did. Anyways, here's my new working code. I decided to make it a function and I would suggest anyone else do the same. That might be a "duh" for the pros, but I'm not a pro developer 🙂  You'll see in my second bit of code, it's as easy as passing an array to process_api() and letting it do its magic.

function process_api( $array = [ 'action' => 'ValidateLogin' ] ) {

    $whmcs_url     = "https://clients.example.com";
    $auth_array    = [
        'identifier'     => '[API_IDENTIFIER]',
        'secret'         => '[API_SECRET_KEY]',
        'accesskey'      => '[API_ACCESS_KEY]',
        'responsetype'   => 'json'
    ];

    $request_array = array_merge( $auth_array, $array );

    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, $whmcs_url . '/includes/api.php');
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_TIMEOUT, 30);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
    curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query($request_array));
    $res_raw = curl_exec($ch);
    if (curl_error($ch)) {
        die('Unable to connect: ' . curl_errno($ch) . ' - ' . curl_error($ch));
    }
    $res = json_decode( $res_raw, true );
    curl_close($ch);

    return $res;
}

And then here's how I'm calling this:

$user = [
    'action' => 'ValidateLogin',
    'email' => $customerEmail,
    'password2' => $customerPassword
];

$res = process_api($user);

if($res['result'] == "success"){
    echo "Authenticated successfully!";
}else{
    echo "Authentication failure";
}

I hope this helps someone else who was getting stuck like I was.