API RPC: Authentication with login/password, session token
We would like to have an option to authenticate users (login/password) via API RPC, so we can send login/password to the API and get a response if these credentials are correct.
Maybe it's also possible to return a token we can use to log in the user, similar to the existing server/create_session?
You could just extend this operator to additionally check a password before generating the session token.
Unfortunately, we have to close your request, because over the years it has not become quite popular for further implementation.
—
IG
-
Christof commented
On our website there is a form "plesk login", where our customers can input login/password without knowing which system they're on. In the background we maintain a db with the available usernames for each system. Only if a username exists on multiple systems does the client need to choose one from an additional dropdown.
As of my last comment, we used your described way (http://download1.parallels.com/Plesk/PP12/12.0/Doc/en-US/online/plesk-linux-advanced-administration-guide/index.htm?fileName=73873.htm) of passing plain login/password to login_up.php3 as a parameter in the URL, until we got complaints from our customers because they didn't like to see their password in the browser's address bar.
So what we basically need is something very similar to your automatic logging in to plesk, extended with a password check. When a client enters his plesk login/password on our website, we send those credentials to the plesk API, which should return either a session token (on success) or an error (wrong login and/or password).
-
Hi Christof, I have reopened the case on your request.
However, the case needs a more detailed explanation in order to be considered. Realistically, with unclear purpose and low votes (just 9), its chances to be included in the development plan are quite subtle.
-
Christof commented
Please can you reopen this issue? We'd still like to have an API operation for login/password verification.
-
Christof commented
As described we already know this option (automatic logging in to plesk), but are looking for an alternative where it's also possible to verify the password.
The easier, but not recommended way from your documentation is exactly what we did before, until we got complaints from our customers, for two reasons:
1. Login and password are logged in plain text in the access log, visible to everyone who has access to it.
2. If redirection is not fast enough or the user just enters a wrong password, his login and password stay visible to everyone as plain text in the browser's address bar.
We also like to display wrong-password information directly on our side instead of just forwarding the client to the plesk login mask.
Currently we solved it as follows:
1. CURL request with the entered login/password to login_up.php3
2. use session/get operation to check for an active session for the entered login with our server's IP address (if it exists, the login succeeded)
3. use session/terminate operation to terminate our active session (so the same user isn't logged in twice)
4. use server/create_session operation to create a session with the user's IP address and redirect him with the session token to plesk
-
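Added example, not part of the thread and not Plesk's own code: a scrubber for the access-log exposure described in the comment above, which redacts every query-string value on requests (and Referer URLs) that target login_up.php3. The log lines are constructed, and the parameter names `login_name` and `passwd` in them are assumptions; the code redacts all values regardless of parameter name.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit

# Request field of a combined-format log entry: "METHOD target PROTO"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')
# Any other quoted URL field (e.g. the Referer) that points at the login script
QUOTED_URL_RE = re.compile(r'"(?P<url>https?://[^"\s]*login_up\.php3\?[^"\s]*)"')
LOGIN_SCRIPT = "/login_up.php3"

# Constructed sample lines; host, users and parameter names are illustrative.
SAMPLE = [
    '203.0.113.7 - - [12/Mar/2015:10:01:02 +0100] "GET /login_up.php3?login_name=alice&passwd=s3cret HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [12/Mar/2015:10:01:03 +0100] "GET /smb/ HTTP/1.1" 200 5120 "https://panel.example.test:8443/login_up.php3?login_name=alice&passwd=s3cret" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Mar/2015:10:02:00 +0100] "POST /login_up.php3 HTTP/1.1" 302 0 "-" "curl/7.38.0"',
]


def _redact_query(target):
    """Return (target with all query values replaced, True) for login-script URLs."""
    parts = urlsplit(target)
    if not parts.path.endswith(LOGIN_SCRIPT) or not parts.query:
        return target, False
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    query = urlencode([(key, "REDACTED") for key, _ in pairs])
    return parts._replace(query=query).geturl(), True


def scrub_line(line):
    """Return (scrubbed line, True if credentials were present in a URL)."""
    hits = []

    def fix_request(m):
        target, hit = _redact_query(m.group("target"))
        hits.append(hit)
        return f'"{m.group("method")} {target} {m.group("proto")}"'

    def fix_url(m):
        url, hit = _redact_query(m.group("url"))
        hits.append(hit)
        return f'"{url}"'

    line = REQUEST_RE.sub(fix_request, line)
    line = QUOTED_URL_RE.sub(fix_url, line)
    return line, any(hits)


def scrub_log(lines):
    """Scrub an iterable of log lines; return (clean lines, number of leaking lines)."""
    results = [scrub_line(line) for line in lines]
    return [r[0] for r in results], sum(r[1] for r in results)
```

The third sample line, a POST with the credentials in the request body, passes through unchanged because nothing sensitive reaches the log.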
Alexei Yuzhakov commented