WebMail Pro 8 documentation

Sending login credentials via POST

The product supports logging in programmatically by supplying login credentials which come from external application. In some cases, however, that approach might be not suitable, typical case is when WebMail and external application run on different servers.

There is another way to log user in, it's done by sending POST data to WebMail. Data can come from HTML form, from JavaScript application, etc.

Configuration

For security reasons, this option is disabled by default. You can enable it by setting AllowPostLogin to true in data/settings/modules/Core.config.json file:

    "AllowPostLogin": [
        true,
        "bool"
    ],

Then you can submit POST requests to WebMail Pro 8, with ?postlogin appended to its URL.

Login or Email parameter sent in POST request is used for authentication, along with Password parameter.

Usage example

The simplest way to test this approach is to have a basic HTML form which contains the login details:

<form action="http://yourdomain.com/webmail/?postlogin" method="post">
Email: <input type="text" name="Login"><br>
Password: <input type="text" name="Password"><br>
<input type="submit" value="Login">
</form>

Using GET requests

While using POST is usually convenient, we've added GET support as well. So you can direct user to URL of the following kind:

http://yourdomain.com/webmail/?postlogin&Email=test%40user.com&Password=12345

Note that parameters here need to be supplied in URL encoded way. For example, if email is test@user.com and password is 123&45, URL would look like:

http://yourdomain.com/webmail/?postlogin&Email=test%40user.com&Password=123%2645

Naturally, it's less secure compared to POST as credentials are visible in URL. Still, that might be an option in some cases.