WHMCS Client Area App for Android & iOS
Flutter mobile app that connects to any WHMCS installation
Start new thread
Broodle

WHMCS Client Area App for Android & iOS - Flutter mobile app that connects to any WHMCS installation

by
Give your hosting customers a real mobile app. This is a full-featured Flutter application that connects to your WHMCS panel through a custom addon module. Your customers get a clean, fast native app. You get fewer support tickets and happier clients. The app communicates with WHMCS through a secure REST API powered by a custom addon module that you install on your server. Everything runs through JWT authentication with automatic token refresh, HMAC request signing, and rate limiting built in.

Add a comment

Replies

Best
Broodle
Maker
📌
A complete Flutter mobile app that connects to any WHMCS installation, giving your hosting customers a native experience for managing services, domains, invoices, and support tickets.
Broodle
Maker

What your customers can do:

  • View and manage all their hosting services, addons, and server details

  • One-tap cPanel login through SSO (no credentials needed)

  • Browse, search, and manage their domains with full nameserver, WHOIS, lock, and ID protection controls

  • View and pay invoices, check payment history, apply account credit

  • Open, reply to, and track support tickets

  • Search domain availability with real-time WHOIS lookups and TLD pricing

  • Order new hosting packages directly from the app

  • Transfer domains with EPP code input

  • Edit profile, change password, manage contact details

  • Read company announcements

  • Use biometric lock (fingerprint/face) for quick secure access

  • Sign in with Google or Facebook (linked to existing WHMCS accounts)

Broodle
Maker

What you get as the provider:

  • Full Flutter source code (clean architecture, Riverpod state management, GoRouter navigation)

  • WHMCS addon module with complete PHP source (JWT auth, rate limiting, audit logging, HMAC verification)

  • Admin UI inside WHMCS to manage active sessions, view connected devices, and revoke tokens

  • Android home screen widget for domain search (customers can check domain availability without opening the app)

  • Detailed documentation covering installation, customization, branding, server configuration, and publishing to both app stores

Broodle
Maker

Security is not an afterthought:

  • JWT access + refresh tokens with automatic rotation

  • HMAC-SHA256 request signing on sensitive endpoints (login, registration, social auth)

  • Server-side client scoping (users can only access their own data, enforced at the API layer)

  • IP-based rate limiting and per-email login lockout with progressive delays

  • Honeypot fields on registration to catch bots

  • Token reuse detection that revokes all sessions if a stolen refresh token is replayed

  • Full audit logging of auth events

  • HTTPS enforced, CORS restricted, HTTP method restrictions

Broodle
Maker

Easy to customize:

  • Change app name, package ID, and branding in a few files

  • Swap colors, fonts, and theme with simple config changes (Sora + Lexend fonts included, accent color configurable)

  • Replace app icon and logo assets

  • Point to your own WHMCS installation by updating one URL

  • Set your own JWT secret

  • Configure Google Sign-In and Facebook Login with your own app credentials

  • Add your terms of service and privacy policy URLs