WHMCS 7.4 introduced API Roles, giving you more control over your API users and permissions.

With API Roles, you can create API Credential pairs that are limited to specific actions.

As more and more third party integrations that leverage our API get created, and as our customer's use of the API's becomes more and more advanced, we wanted to provide a robust way of securing access to the API in a way that was fully backwards compatible for existing API integrations. The answer, API Roles.

An API role can permit access to one or more API actions, and each API Credential can be assigned to one or more API Roles. When an API request is made, if any role assigned to the credential provides permission to the requested action, the request will be authorized and allowed to complete.

Creating an API Role is super easy too. Simply navigate to Setup > Staff > Manage API Credentials, select the API Roles tab and hit the Create API Role button.

Next you'll see a dialog as follows, which allows you to define a name and optional description for your role, and browse all the available API actions by category, and select the ones your role should grant access to. A single role can permit access to permissions across multiple different categories.


Once you're done, simply hit Save and then you can return to the API Credentials tab and assign your new role to your authentication credential sets.

Of note, as part of the 7.4 upgrade, if you have any existing API Authentication Credentials configured, a role will be created that provides access to all API actions that mimics the simple authorization model used in earlier versions. We recommend updating your existing API Credentials to use custom roles that only provide access to the API actions they require.

You can learn more in our API Roles Documentation.

We hope you find this new functionality useful, and if you have any questions or feedback, please be sure to let us know in the comments below!