LogicBoxes API Wrapper for Laravel
Find a file
Troy Siedsma 060b9d1b35 Security HIGH (round 11): redact reseller credentials from LogicBoxes error logs
The reseller auth-userid + api-key ride in the request query string, so a Guzzle
RequestException on a non-2xx LogicBoxes response embedded them in its message,
which the transport wrote verbatim to laravel.log via Log::error (SecretRedactor
is only wired into the module result/logger surfaces, never this raw sink). The
api-key authorizes full control of every domain in the reseller account.

This package is a standalone API client with no core-app dependency, so it now
redacts its own known secret values (apiKey, apiUser) from the logged message
and response body before writing them.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 02:46:42 +00:00
config Re-platform onto LithiumHosting/laravel-logicboxes-api Forgejo origin 2026-05-22 13:14:19 +00:00
src Security HIGH (round 11): redact reseller credentials from LogicBoxes error logs 2026-06-28 02:46:42 +00:00
.gitattributes Re-platform onto LithiumHosting/laravel-logicboxes-api Forgejo origin 2026-05-22 13:14:19 +00:00
.gitignore Re-platform onto LithiumHosting/laravel-logicboxes-api Forgejo origin 2026-05-22 13:14:19 +00:00
CHANGELOG.md Re-platform onto LithiumHosting/laravel-logicboxes-api Forgejo origin 2026-05-22 13:14:19 +00:00
composer.json Re-platform onto LithiumHosting/laravel-logicboxes-api Forgejo origin 2026-05-22 13:14:19 +00:00
CONTRIBUTING.md Re-platform onto LithiumHosting/laravel-logicboxes-api Forgejo origin 2026-05-22 13:14:19 +00:00
LICENSE.md LICENSE: Copyright (c) Lithium Holdings, LLC 2026-05-22 15:13:43 +00:00
README.md README: drop the LiBilling commercial preamble from the License section 2026-05-22 15:40:47 +00:00

Laravel LogicBoxes API

A Laravel package for interacting with the LogicBoxes / ResellerClub HTTP API.

Supports both the live (httpapi.com) and test (test.httpapi.com) environments.


Requirements

  • PHP 8.0+
  • Laravel 9+
  • A LogicBoxes / ResellerClub reseller account

Installation

The package is included as a local path repository in LiBilling. No separate composer require is needed inside the monorepo. For standalone use:

composer require lithiumhosting/laravel-logicboxes-api

Publish the config file:

php artisan vendor:publish --provider="LithiumHosting\LogicBoxesApi\LogicBoxesApiServiceProvider" --tag="config"

This creates config/logicboxes-api.php.


Configuration

Set your credentials in .env:

LOGICBOXES_RESELLER_ID=123456
LOGICBOXES_API_KEY=your-api-key-here
LOGICBOXES_DEMO=false
Variable Description
LOGICBOXES_RESELLER_ID Your numeric reseller ID from the control panel
LOGICBOXES_API_KEY Your API key generated in the control panel
LOGICBOXES_DEMO Set to true to use the test sandbox (test.httpapi.com)

The published config/logicboxes-api.php maps these values:

return [
    'resellerid' => env('LOGICBOXES_RESELLER_ID'),
    'apikey'     => env('LOGICBOXES_API_KEY'),
    'demo'       => env('LOGICBOXES_DEMO', false),
];

Getting Your Reseller ID and API Key

1. Log in to the ResellerClub / LogicBoxes Control Panel

Go to https://manage.resellerclub.com (or your branded URL if you have one).

2. Find Your Reseller ID

Your reseller ID is visible in the top-right corner of the control panel after logging in, or under:

Settings → Personal Information → Reseller ID

It is a numeric value (e.g., 123456).

3. Generate an API Key

Navigate to:

Settings → API (or Manage → API Access)

  1. Click Generate New Key (or Add New IP if IP restriction is enabled).
  2. Optionally restrict the key to specific IP addresses for security.
  3. Copy the key immediately, it is only shown once.

Security tip: Restrict your API key to your server's IP addresses. This prevents the key from being usable if it is ever leaked.

4. Test Environment (Sandbox)

ResellerClub provides a free sandbox for testing without real transactions:

Register a free test reseller account at https://demo.myorderbox.com. Test accounts have separate credentials from your production account.

Set LOGICBOXES_DEMO=true in your .env to use the sandbox endpoint.


Usage

The package registers a singleton bound to logicboxesapi. You can resolve it via the facade, the service container, or direct instantiation.

Making a Raw API Call

use LithiumHosting\LogicBoxesApi\LogicBoxesApiFacade as LogicBoxesApi;

// GET request, fetch legal agreements
$result = LogicBoxesApi::call('legal-agreements', 'commons', [
    'type' => 'customermasteragreement',
], 'GET');

// POST request (default)
$result = LogicBoxesApi::call('signup', 'customers', $customerData);

The call() signature is:

public function call(string $command, string $type, array $params, string $method = 'POST'): array

The URL resolves to: {baseUrl}/{type}/{command}.json

Check Domain Availability

// Check a single domain
$result = LogicBoxesApi::checkDomainAvailability('example', ['com', 'net', 'org']);

// $result is an associative array:
// [
//   'example.com' => 'available',
//   'example.net' => 'regthroughothers',
//   'example.org' => 'regthroughus',
// ]

Status values returned by the API:

Status Meaning
available Domain is available for registration
regthroughus Registered through your reseller account
regthroughothers Registered through another registrar
unknown Status could not be determined

Get Domain Suggestions

$suggestions = LogicBoxesApi::getDomainSuggestions('mystore', ['com', 'net'], exact: true);

Customer Management

// Resolve a customer ID (creates the customer if not found)
$customerId = LogicBoxesApi::get_customer_id($user, $account);

API Reference

The full LogicBoxes HTTP API documentation is available at:


Dependencies

  • guzzlehttp/guzzle: HTTP client

License

This package, laravel-logicboxes-api is licensed under The MIT License (MIT). Please see License File for more information.

Is it any good?

Yes.

When people first hear about a new product, they frequently ask if it is any good. A Hacker News user remarked:

Note to self: Starting immediately, all raganwald projects will have a "Is it any good?" section in the readme, and the answer shall be "yes.".