WHMCS API (2.0.0)

WHMCS API

Introduction

WHMCS API is organized around Representation State Transfer (REST) and is designed around the use of resources. It expects standard HTTP verbs like GET, POST, PUT, and DELETE and returns HTTP response codes and JSON-encoded responses. To get started with the API, make sure that your system is running at least WHMCS 9.0.0-rc.1, and you have created product groups, products, and at least one user account.

Examples provided by this document use cURL, but you can make the API calls in any programming language.

Authentication

WHMCS API may use different authentication methods for different areas of the API.

Store and Cart Operations

For store and cart operations, use an X-Api-State header if a cart is associated with a logged-in user.

  • X-Api-State represents a state of the cart.
  • Each response will return a new value.
  • Each request must include the latest X-Api-State header.

For example, a request with the X-Api-State header:

curl -X GET --location "https://example.com/api/v2/cart/TLlowSWlQjGkGrC1/totals"
  -H "X-Api-State: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczpcL1wvd2htY3MtZGV2LnRlc3RcLyIsImF1ZCI6Imh0dHBzOlwvXC93aG1jcy1kZXYudGVzdFwvIiwiZXhwIjoxNjQ3NTYzMzI3LCJzdWIiOltdLCJ3aG1jc191c2VyIjoiMzlhNDA0NTFlOGE4NjhhZWI4NjExYzEwNGE5OTYwMzk2NmM2MmIyMzg0YWYyYjc4OWJhOGU2YmYxYWVhYjMzYSJ9.B4-Ug6AcVCI52woiW9dF_ylYZXf57e32RSk_7S78Z9M"

With payload:

curl -X POST --location "https://example.com/api/v2/cart/6isLR0SAB0TbCiws/promotion"
  -H "Content-Type: application/json"
  -H "X-Api-State: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczpcL1wvd2htY3MtZGV2LnRlc3RcLyIsImF1ZCI6Imh0dHBzOlwvXC93aG1jcy1kZXYudGVzdFwvIiwiZXhwIjoxNjQ3MzkyODM1LCJzdWIiOltdLCJ3aG1jc191c2VyIjoiMzlhNDA0NTFlOGE4NjhhZWI4NjExYzEwNGE5OTYwMzk2NmM2MmIyMzg0YWYyYjc4OWJhOGU2YmYxYWVhYjMzYSJ9.LfYOrxW5OOtdcfyDOuIa6B0dTytYROMrccqpywxvAB8"
  -d "{\"code\":\"CARTAPI\"}"

Logging In

To log in, you must include the user's email address and password.

For example:

curl -X POST --location "https://example.com/whmcs/api/v2/user/session"
  -H "Content-Type: application/json"
  -d "{\"email\":\"[email protected]\",\"password\":\"pwd123456\"}"

Logging In with Two-Factor Authentication

If the user has enabled Two-Factor Authentication, send an additional request to verify the Two-Factor Authentication token before authenticating the user.

For example:

curl -X POST --location "https://example.com/whmcs/api/v2/user/session/verify"
  -H "Content-Type: application/json"
  -H "X-Api-State: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwczpcL1wvd2htY3MtZGV2LnRlc3RcLyIsImF1ZCI6Imh0dHBzOlwvXC93aG1jcy1kZXYudGVzdFwvIiwiZXhwIjoxNjQ3NDQwMzc5LCJzdWIiOiI1MzJlZmM4ZmI5NzA2NDQ4ZDZkMDMwMTc1ZmFlY2U3N2QxN2E5OGRjN2FkNTZlZWZhZmZjYTRmNzY2ZDJiZjE4In0.Igj9Kby5FR5m4w03x92NwuKviCLRQBQUaLbaXTqQ9kc"
  -d "{\"fields\":{\"key\":\"417339\"}}"

Custom Buy-Flow