I believe I made this suggestion before a couple years ago in the development forum, but since there was no response, I will do another attempt here.
It would be nice if it was possible for us to have a link in the clientarea of our billing application that points to the Plesk panel, and when clicked would allow the user to access Plesk directly without having to login a second time.
I am aware this is possible by creating a database with all user passwords and redirecting to: /login_up.php3?login_name=somecustomer&passwd=password
But that no longer works if the user changes his Plesk password, and keeping databases with passwords is not preferred from a security point of view anyway.
I propose creating a new API method instead that generates a single-use URL that can be used to login as the user once, and looks like this:
Request:
Response:
When the user is redirected to https://plesk-server:8443/login.php3?token=gdsdfsdjh43543654sdfdfg Plesk should set a session cookie that logs the user in as "somecustomer"
It would be nice if it was possible for us to have a link in the clientarea of our billing application that points to the Plesk panel, and when clicked would allow the user to access Plesk directly without having to login a second time.
I am aware this is possible by creating a database with all user passwords and redirecting to: /login_up.php3?login_name=somecustomer&passwd=password
But that no longer works if the user changes his Plesk password, and keeping databases with passwords is not preferred from a security point of view anyway.
I propose creating a new API method instead that generates a single-use URL that can be used to login as the user once, and looks like this:
Request:
Code:
<packet version="1.5.0.0">
<session>
<create>
<login>somecustomer</login>
<create>
</session>
</packet>
Response:
Code:
<packet version="1.5.0.0">
<session>
<create>
<result>
<status>ok</status>
<session>
<autologinurl>https://plesk-server:8443/login.php3?token=gdsdfsdjh43543654sdfdfg</autologinurl>
</session>
</result>
</create>
</session>
</packet>
When the user is redirected to https://plesk-server:8443/login.php3?token=gdsdfsdjh43543654sdfdfg Plesk should set a session cookie that logs the user in as "somecustomer"