Launching today
WHMCS Client Area App for Android & iOS
Flutter mobile app that connects to any WHMCS installation
3 followers
Flutter mobile app that connects to any WHMCS installation
3 followers
Give your hosting customers a real mobile app. This is a full-featured Flutter application that connects to your WHMCS panel through a custom addon module. Your customers get a clean, fast native app. You get fewer support tickets and happier clients. The app communicates with WHMCS through a secure REST API powered by a custom addon module that you install on your server. Everything runs through JWT authentication with automatic token refresh, HMAC request signing, and rate limiting built in.
What your customers can do:
View and manage all their hosting services, addons, and server details
One-tap cPanel login through SSO (no credentials needed)
Browse, search, and manage their domains with full nameserver, WHOIS, lock, and ID protection controls
View and pay invoices, check payment history, apply account credit
Open, reply to, and track support tickets
Search domain availability with real-time WHOIS lookups and TLD pricing
Order new hosting packages directly from the app
Transfer domains with EPP code input
Edit profile, change password, manage contact details
Read company announcements
Use biometric lock (fingerprint/face) for quick secure access
Sign in with Google or Facebook (linked to existing WHMCS accounts)
What you get as the provider:
Full Flutter source code (clean architecture, Riverpod state management, GoRouter navigation)
WHMCS addon module with complete PHP source (JWT auth, rate limiting, audit logging, HMAC verification)
Admin UI inside WHMCS to manage active sessions, view connected devices, and revoke tokens
Android home screen widget for domain search (customers can check domain availability without opening the app)
Detailed documentation covering installation, customization, branding, server configuration, and publishing to both app stores
Security is not an afterthought:
JWT access + refresh tokens with automatic rotation
HMAC-SHA256 request signing on sensitive endpoints (login, registration, social auth)
Server-side client scoping (users can only access their own data, enforced at the API layer)
IP-based rate limiting and per-email login lockout with progressive delays
Honeypot fields on registration to catch bots
Token reuse detection that revokes all sessions if a stolen refresh token is replayed
Full audit logging of auth events
HTTPS enforced, CORS restricted, HTTP method restrictions
Easy to customize:
Change app name, package ID, and branding in a few files
Swap colors, fonts, and theme with simple config changes (Sora + Lexend fonts included, accent color configurable)
Replace app icon and logo assets
Point to your own WHMCS installation by updating one URL
Set your own JWT secret
Configure Google Sign-In and Facebook Login with your own app credentials
Add your terms of service and privacy policy URLs