Skip to content

auth.php

Authentication and authorization module: session management, WHMCS login, API keys, SSO (Google, GitHub, VK), two-factor authentication, and token verification.

API Methods

Method Action Description
info get token information Returns information about the current token, including role, permissions, server list, verification status, and billing settings.
login get access token User authorization via API key. Returns a session token, list of available servers, and permissions.
logout end session Clears the specified access token, terminating the user session.
whmcslogin login via WHMCS Authorization via WHMCS credentials (email/password) or SSO. Supports billing selection and two-factor authentication.

auth/info

Returns information about the current token, including role, permissions, server list, verification status, and billing settings.

HTTP Method: POST|GET

Parameters:

Parameter Required Type Description
action string Method identifier: info
token string Valid session token for permission verification.

Example Request

curl -s "https://api.hostkey.com/auth.php" -X POST \
--data "action=info" \
--data "token=HOSTKEY_TOKEN"
Example of a successful response 
{
"result": {
"token": "7bc29eb23fb1b879b21fce509597f07c",
"role": "Customer",
"role_type": "Customer",
"role_name": "customer_billing",
"permissions": [
"eq_list",
"eq_show",
"billing_list"
],
"servers": [
12345,
12346
],
"whmcs_id": "98765",
"whmcs_location": "EU-Central",
"email": "[email protected]",
"customer_id": 54321,
"token_expire": 1735689600,
"verified": true,
"corporate": false,
"default_lang": "en",
"billing_options": {
"location": "EU-Central",
"company": "HostKey Europe",
"active": true,
"allowed_payments": [
"cc",
"bank"
],
"native_endpoint": "billing.hostkey.com"
},
"private_ranges": [
"10.0.0.0/24"
],
"private_vlans": [],
"deploy_keys": {},
"billing_servers": [],
"show_products": 1,
"manage_products": 1,
"show_invoices": 1,
"manage_orders": 1,
"ipsubnet_announce": 1,
"edit_master_profile": 1,
"prebill": 0,
"client_ip": "192.168.1.1",
"sumsub_id": null,
"sumsub_comment": null,
"subaccount": null,
"2fa": "email"
},
"subaccount": null,
"original_tags": null
}
Failure response 
{
"code": -2,
"message": "auth: invalid token #13"
}

auth/login

User authorization via API key. Returns a session token, list of available servers, and permissions.

HTTP Method: POST

Parameters:

Parameter Required Type Description
action string Method identifier: login
key string Client API key for authorization
ttl int Token lifetime in seconds (default 3600)
base string Base URL for invapi (optional)

Example Request

curl -s "https://api.hostkey.com/auth.php" -X POST \
--data "action=login" \
--data "key=VALUE"
Example of a successful response 
{
"result": {
"token": "7bc29eb23fb1b879b21fce509597f07c",
"role": "Customer",
"role_type": "Customer",
"whmcs_id": 12345,
"whmcs_location": "whmcs",
"servers": [
101,
102
],
"invapi": "invapi.hostkey.com",
"customer_id": 5678,
"permissions": [
"eq_list",
"eq_show",
"billing_list"
],
"token_expire": 1715800000,
"new": 1,
"prebill": 0
}
}
Failure response 
{
"code": -1,
"message": "auth/login: no key specified as a parameter"
}

auth/logout

Clears the specified access token, terminating the user session.

HTTP Method: POST|GET

Parameters:

Parameter Required Type Description
action string Method identifier: logout
token string Session token to be removed.

Example Request

curl -s "https://api.hostkey.com/auth.php" -X POST \
--data "action=logout" \
--data "token=HOSTKEY_TOKEN"
Example of a successful response 
{
"result": "OK",
"message": "access token cleared"
}
Failure response 
{
"code": -2,
"message": "auth: no token specified"
}

auth/whmcslogin

Authorization via WHMCS credentials (email/password) or SSO. Supports billing selection and two-factor authentication.

HTTP Method: POST|GET

Parameters:

Parameter Required Type Description
action string Method identifier: whmcslogin
user string User email for login (if not using SSO).
password string User password (if not using SSO).
sso string SSO provider identifier (e.g., google, github).
sso_hash string Hash for SSO authorization.
location string Billing location (e.g., US, EU). If not specified, Auto is used.
VisitorID string Visitor identifier for tracking.
full_customer_data string Flag to return full customer data (1 or true).
fix_ip string Fix IP for token (1 or 0).
ttl string Token lifetime in seconds.
base string Base URL for API.

Example Request

curl -s "https://api.hostkey.com/auth.php" -X POST \
--data "action=whmcslogin" \
--data "user=VALUE" \
--data "password=VALUE"
Example of a successful response 
{
"result": {
"token": "7bc29eb23fb1b879b21fce509597f07c",
"role": "Customer",
"role_type": "Customer",
"whmcs_id": "98765",
"whmcs_location": "EU-Central",
"whmcs_token": "",
"permissions": [
"eq_list",
"billing_list"
],
"corporate": false,
"verified": true,
"token_expire": 1735689600,
"new": 1,
"country": "Germany",
"country_code": "DE",
"currency_code": "EUR",
"vat": "1234567890",
"VisitorID": "vis_12345",
"prebill": 0,
"billing_options": {
"location": "EU-Central",
"company": "HostKey Europe",
"active": true,
"allowed_payments": [
"cc",
"bank"
],
"native_endpoint": "billing.hostkey.com",
"sumsub_kyc": true
},
"2fa": "email"
}
}
Failure response 
{
"code": -2,
"message": "auth: empty username"
}
question_mark
Is there anything I can help you with?
question_mark
AI Assistant ×