Showcase: We Built a Full WHMCS Reseller System via API & Feature Requests (Deep Linking, Webmail SSO)

[saviorhost]

Hello KeyHelp Team and Community,

First of all, thank you for providing such a fast, robust, and flexible API. I wanted to share a massive milestone we recently achieved with KeyHelp and also kindly request a few API enhancements to make it perfect.

Since there is no native multi-level reseller module for WHMCS, we custom-engineered a complete Reseller (Sub-Account) Management System directly inside the WHMCS client area using the KeyHelp API.

How we built the Reseller Hack:
We creatively utilized the client notes field as a lightweight relational database. By injecting specific tags (like [SID-1004] and [PLAN:Linux 1GB]) into the notes via API, our custom WHMCS module maps sub-clients to their master reseller account. Now, our resellers can create new sub-accounts, allocate disk pools, change packages, and manage their clients' domains/emails/DBs without ever leaving the WHMCS interface! (I will attach screenshots below so you can see the fully functional Reseller Client Area we built).

While we successfully built this advanced system, we had to create some clever workarounds. To make this integration native and absolutely perfect, we kindly request the following API features:

1. SSO Target Pages (Deep Linking) for Quick Tools
We want to provide our clients (and our resellers' clients) with "1-Click" buttons in WHMCS that redirect them directly to specific KeyHelp pages, such as Advanced DNS Editor, File Manager, Backup Center, and 1-Click WP Installer.

The Issue: Currently, if we generate an SSO token and append a parameter like &page=dns_editor to the login URL, the KeyHelp security system rejects it (Token Mismatch/CSRF error).

The Request: Please allow us to pass a target_page parameter when generating an SSO link via the POST API. This would authorize the token to redirect directly to the specific tool inside KeyHelp.

2. Webmail SSO Token

The Issue: Currently, there is no native way to log a client into Roundcube (Webmail) from WHMCS without knowing their plain-text password. As a workaround, our code secretly saves plain-text email passwords into the notes field, and when the user clicks "Webmail" in WHMCS, JavaScript copies it to their clipboard and instructs them to press CTRL+V. It's clever, but not an ideal UX or security practice.

The Request: A specific API endpoint (e.g., /emails/{id}/sso) that generates a temporary login token to log the user directly and securely into their Webmail inbox.

3. Direct API for 1-Click App (WordPress) Installation
While an SSO deep-link to the App Installer would be great, having a native API endpoint to trigger a WordPress installation directly (passing domain, admin username, and password) would allow us to fully automate the CMS onboarding process right from the WHMCS order form.

These features are industry standards for automated hosting (similar to cPanel/Plesk capabilities). Adding them to KeyHelp would make it an absolute powerhouse for hosting providers and reseller networks.

Thank you for your excellent work! I look forward to your thoughts.

Best regards.

(Screenshots attached below)

https://prnt.sc/Yly9Q5_R-kcu
https://prnt.sc/445lPGsuMoh9
https://prnt.sc/5p2cCi0l5PLM
https://prnt.sc/XThp8lVu6F2b
https://prnt.sc/HLCp8MzDPop8

[24unix]

(Screenshots attached below)

They are not attached, but hosted on an external site.

This forum has the option to attach files directly.

And: It might be a good idea to take the screenshot with English localization, I have no clue what they say

[Tobi]

Please no external images!

[saviorhost]

[Alexander]

1. SSO Target Pages (Deep Linking) for Quick Tools
We want to provide our clients (and our resellers' clients) with "1-Click" buttons in WHMCS that redirect them directly to specific KeyHelp pages, such as Advanced DNS Editor, File Manager, Backup Center, and 1-Click WP Installer.

The Issue: Currently, if we generate an SSO token and append a parameter like &page=dns_editor to the login URL, the KeyHelp security system rejects it (Token Mismatch/CSRF error).

The Request: Please allow us to pass a target_page parameter when generating an SSO link via the POST API. This would authorize the token to redirect directly to the specific tool inside KeyHelp.

Done for KeyHelp 26.0
With 26.0, you can either specify a 'page' field when calling the API /login Endpoint and an appropriate URL is created, or just append '&sso_page=...' to the URL yourself.

The other 2 features require more work and will not make it to KeyHelp 26.0, as this version is almost feature complete.