Add user in WHMCS by api - whmcs

My question how to get https://www.example.com/includes/api.php. Means api.php file or related liberary. And how to use it.
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://www.example.com/includes/api.php');
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS,
http_build_query(
array(
'action' => 'AddUser',
// See https://developers.whmcs.com/api/authentication
'username' => 'IDENTIFIER_OR_ADMIN_USERNAME',
'password' => 'SECRET_OR_HASHED_PASSWORD',
'firstname' => 'John',
'lastname' => 'Doe',
'email' => 'john.doe#example.com',
'password2' => 'password',
'responsetype' => 'json',
)
)
);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$response = curl_exec($ch);
curl_close($ch);

This is an external API example.
You need to complete few steps before using it.
Authentication
We recommend creating API Authentication Credentials as best practice for use when building API integrations. API Authentication Credentials can be setup and managed in Setup > Staff Management > Manage API Credentials and allow you to setup individual client identifiers and secrets for each API integration you create. Combined with API Roles, you can also limit the actions that a given API Authentication Credential can access and use allowing for secure and robust management of API access. Use of the WHMCS External API always requires Authentication. In some cases, the Internal API may also require authentication if the call relates to actions specific to an admin user.
For more information, please refer to https://docs.whmcs.com/API_Authentication_Credentials
Access Control
Access to the External API is IP restricted by default.
To configure the IP addresses that are allowed to access and use the WHMCS API, login to your WHMCS admin area and navigate to Setup > General Settings > Security. From there you can add, remove and manage the allowed IPs. Each allowed IP you add also allows you to add a note useful for notating who/what/why the IP has been authorized for access.For cases where IP restriction is not feasible, an access key method is available instead.
Please see https://developers.whmcs.com/api/access-control/ for further information.
For more information:
https://blog.whmcs.com/133546/getting-started-with-the-whmcs-api

Related

how to create new contacts using xero api?

how to create new contacts in Xero using API?
i have tried this API - https://api.xero.com/api.xro/2.0/Contacts but i always get this error : "oauth_problem=consumer_key_unknown&oauth_problem_advice=Consumer key was not recognised."
I don't know how to pass client id and client secret or access token in API?
passing parameter in the header is not working -
curl_setopt($ch, CURLOPT_HTTPHEADER, [
"Authorization: Basic " . base64_encode('75F16AECC7F749E08D1822B32CD110EB:lJ_h1cG7dvE5xIAXDWyFDcmGQPqtZOlHzfAzw0ImdLPKOxL5'),
'Content-Type: application/json'
]);
please help
Xero uses the OAuth2 authorization flow. Broadly speaking, you'll need to:
Send the Xero user to an authorising URL with your client id, which will result in the user being redirected to your specified redirect uri with a code
Swap this code for an access token using your client id and secret
Use the access token as a bearer token in your authorization header when you're making your request to the contacts endpoint
The full details are described in the Xero Developer docs.

yii2-httpclient with Basic Auth and proxy settings

in my Yii2 application, I try to read data from an REST api, which is protected by an HTTP-Basic - Auth. Additional, a proxy is needed to connet the REST api.
So I chose the Yii httpclient-module to handle this call:
$client = new Client(['baseUrl' => 'http://my.example.com']);
$response = $client->createRequest()
->setMethod('get')
->setUrl('api/session')
->addHeaders(['Authorization' => 'Basic '.base64_encode("user:password")])
->setOptions([
'proxy' => 'proxy.server:8000',
'timeout' => 5,
]);
Running this code, I get an Bad URL in proxy request error-message form the Server.
But if I copy the URL from code to the browser (which also connected to the proxy), everything works fine: the Basic-Auth window comes up.
Is there an error in setting the Authorization tag for the header?
After working a day on this problem, in found the answer. Just a minute after asking my question, but I like to keep that question in the case, that someone has the same problem.
Answer:
The yii2 httpclient uses 2 different transport libraries: Streams (which wokrs without an additional PHP extension and is set as default) and cURL.
Switching to cURL as "transport-type", the code above works fine!
$this->client = new Client([
'baseUrl' => 'http://my.example.com',
'transport' => 'yii\httpclient\CurlTransport'])

Authentication for a Symfony2 api (for mobile app use)

I've developed a REST api for my Symfony2 application. This api will be used by a mobile app. Much of the functionality is done in the context of the currently authenticated user, ie:
$this->container->get('security.context')->getToken()->getUser()
I'm hoping that the mobile app will be able to post to the login action just like a traditional web form. If the credentials check out then Symfony2 does it's thing and sets a cookie (does this even work in the context of a mobile app accessing an api?). Then later api requests from that mobile phone will (hopefully) work with the native symfony2 security.context service container.
Would this work? I need to figure out this authorization process before I take the API to the mobile developers. If possible I'd obviously like to be able to use the native security.context service instead of building out a new auth system for the api that uses xAuth or something similar.
Thanks
I think you should do it stateless (without cookie).
I had the same problem, what i did:
in your app/config/security.yml, add:
security:
...
firewalls:
rest_webservice:
pattern: /webservice/rest/.*
stateless: true
http_basic:
provider: provider_name
...
Now you can make a request to your webservice:
class AuthTest extends WebTestCase
{
public function testAuthenticatedWithWebservice()
{
$client = $this->createClient();
// not authenticated
$client->request('GET', '/webservice/rest/url');
$this->assertEquals(401, $client->getResponse()->getStatusCode());
// authenticated
$client->request('GET', '/webservice/rest/url', array(), array(), array(
'PHP_AUTH_USER' => 'username',
'PHP_AUTH_PW' => 'password'
));
$this->assertEquals(200, $client->getResponse()->getStatusCode());
}
}
Here you are, How to create a custom Authentication Provider awesome article.
To Authentication to a Symfony2 application through api, you need use:
WS-Security
Yes Marc, jules is pointing to an example just to show you how to test authentication with http_basic.
To be RESTful you should avoid using cookies, otherwise just call it an API. About how secure is your authentication system you can go with http_digest over https or more secure signed request with api_key/api_secret approach.
Have a look here http://wiki.zanox.com/en/RESTful_API_authentication

how to disable http_auth on a single zend controller

Project which I am currently working is developed using ZF and dojo.
For our Development and Production server we have basic user authentication which is handled using apache's virtual host config file (by having users and password files).
When we type the server URL, it will pop-up the authentication window. It is working well.
We have following controllers in our project.
Index
profile
Error
Signoff
But now our client has come up with a new requirement that only for "Signoff Controller", they would like to allow access to everyone in the network without any authentication.
But if they try to access other controllers it should ask for user authentication.
Kindly let me know your thoughts about solving this issue either by using .htaccess( apache URL rewrite ) or ZF classes if any.
You should probably try to set this up in Zend as it will give you a more flexible setup.
// just a simple example to get you started
$config = array(
'accept_schemes' => 'basic digest',
'realm' => 'My Web Site',
'digest_domains' => '/members_only /my_account',
'nonce_timeout' => 3600,
);
$adapter = new Zend_Auth_Adapter_Http($config);
Check out more on the Zend Manual on different types of auth.

using sfDoctrineGuardPlugin for regular member login?

i want to create users for my webapplication.
im using symfony. i wonder if i should do that with sfDoctrineGuardPlugin or symfony's provided methods for this?
// Add one or more credentials
$user->addCredential('foo');
$user->addCredentials('foo', 'bar');
// Check if the user has a credential
echo $user->hasCredential('foo'); => true
// Check if the user has both credentials
echo $user->hasCredential(array('foo', 'bar')); => true
// Check if the user has one of the credentials
echo $user->hasCredential(array('foo', 'bar'), false); => true
// Remove a credential
$user->removeCredential('foo');
echo $user->hasCredential('foo'); => false
// Remove all credentials (useful in the logout process)
$user->clearCredentials();
echo $user->hasCredential('bar'); => false
or is the purpose of sfDoctrineGuardPlugin just securing the admin page and not the frontend logging system?
thanks.
I would recommend using sfDoctrineGuardPlugin. It provides forms for managing your users in the backend. It is easily extendable to add extra data base fields to add more info for your users (profiles, etc) and it handles all the SHA/MD5 password encryption when storing user passwords for you. If you are creating your login system from scratch you need to consider password storage.
It is basically a great starting point when building your secure pages. It can be used both for backend and frontend. For the frontend you just need to enable the right modules in the config file and you can use it without problem.
One thing I forgot to add is that sfDoctrineGuardPlugin also provides the "remember me" function. Which is great. Use the plugin. :)