So, currently, the only way for billing and customer management software developers to instantiate a new session to cPanel directly is through having access to a user's username and password. Not only is this the least secure way to start a cPanel session and redirect the user, this is the least effective, foolproof, etc.

Here is some code in Ruby which demonstrates how one would program this today:

https://gist.github.com/c12a8a2b0eeede8890e8

I'm proposing something which does the following:

- Once a root user (administrator) has access to the access hash, they will make a connection to the API
- The administrator will use then make a call to the API function (let's call it "session_create") where they will pass in the username, and maybe an optional time where the session should time out if the user doesn't get passed over -- maybe 30 seconds by default?
- The server would pass back a URL which the user would then be passed to if the username exists on the server, and the session was created successfully.

This is ultimately a lot safer, and more convenient for software developers for a number of reasons:

- There is less of a chance of security breaches and other issues
- If a user changes their password, or it is not known for some other reason, it doesn't diminish the user experience, and lets them log in (you're the root user; you dictate who can and cannot log in)

I have heard from some people that this has been requested for some time, and it would help a LOT of developers out there, so please feel free to +1 if you want this feature.

Thanks! Feel free to ask any questions if clarification for this feature is needed. I'd be happy to help in any way possible.