What the WHMCS Module Does
The Flowtriq WHMCS module connects your billing platform to the Flowtriq API. When a client orders a server with DDoS protection enabled, the module automatically provisions a Flowtriq node, configures monitoring, and exposes attack data in the client area. No manual setup per order.
Here is the provisioning flow:
Client orders "VPS with DDoS Protection" in WHMCS
|
v
Module creates a Flowtriq node via API
|
v
Deploy token is generated and stored in the service
|
v
ftagent installs on the server with the deploy token
|
v
Client sees live DDoS status in their WHMCS client area
The module handles the full lifecycle: provisioning on order acceptance, suspension when an invoice goes overdue, unsuspension on payment, and cleanup on cancellation.
Installation
Step 1: Download the module
The Flowtriq WHMCS module is available on the WHMCS Marketplace. Download it and extract to your WHMCS modules directory:
cd /path/to/whmcs unzip flowtriq-whmcs-module.zip -d modules/servers/
This creates the modules/servers/flowtriq/ directory with the provisioning module, client area template, and admin area hooks.
Step 2: Configure the module in WHMCS
Go to WHMCS Admin > Setup > Products/Services > Servers and add a new server:
- Name: Flowtriq API
- Hostname: flowtriq.com
- Type: Flowtriq
- Access Hash: Your Flowtriq API token (from Settings > API in the Flowtriq dashboard)
Test the connection. You should see a green confirmation that the API responded.
Step 3: Create a product
Create a new product or add a configurable option to existing products. The module supports two approaches:
- Standalone product: Sell "DDoS Protection" as a separate line item that clients add to their server
- Bundled: Include DDoS protection as part of a VPS or dedicated server package using configurable options
Under the product's Module Settings tab, select "Flowtriq" as the module and configure:
Module: Flowtriq Server Group: Flowtriq API Auto Provision: Yes Alert Channel: (optional) Default webhook for new nodes White Label: Yes/No (controls branding in client area)
Step 4: Auto-install on server creation
If you use an automation platform (Proxmox, SolusVM, Virtualizor, or custom scripts) to provision servers, add the ftagent install to your post-provision hook:
#!/bin/bash
# Post-provision hook: install ftagent with deploy token
DEPLOY_TOKEN="{{service_field_deploy_token}}"
curl -sL https://get.flowtriq.com | sudo bash -s -- --token "$DEPLOY_TOKEN"
The deploy token is stored as a custom field on the WHMCS service. Your provisioning system can read it and pass it to the installer.
Client Area Integration
Once provisioned, clients see a DDoS Protection tab in their service details. The client area panel shows:
- Protection status: Whether ftagent is running and reporting data
- Live metrics: Current PPS, bandwidth, and protocol breakdown
- Active incidents: Any ongoing DDoS attacks with classification and severity
- Attack history: Past incidents with timestamps, duration, peak traffic, and attack type
- Alert configuration: Client-configurable webhook and email alerts
The client area template uses the Flowtriq API to pull data in real time. Clients do not need a separate Flowtriq login unless you want to give them full dashboard access.
White-Label Setup
If you enable white-label mode, all Flowtriq branding is removed from the client-facing elements. The DDoS protection panel appears as a native part of your hosting platform. You can customize:
- Panel title (e.g., "YourBrand DDoS Shield")
- Status page branding
- Email notification templates and sender address
- Alert webhook payloads
White-label is included on all Flowtriq plans. There is no separate licensing fee for removing branding.
Auto-Provisioning Lifecycle
The module hooks into WHMCS lifecycle events:
- Create: Provisions a Flowtriq node, generates deploy token, stores credentials in custom fields
- Suspend: Pauses monitoring on the Flowtriq node (the agent stops reporting, no billing)
- Unsuspend: Resumes monitoring and alerting
- Terminate: Deletes the Flowtriq node and cleans up API credentials
- ChangePackage: Updates the node configuration (e.g., switching from basic alerts to full PCAP capture)
All API calls are logged in WHMCS's module log. If provisioning fails, the order stays pending and the admin gets notified.
Automated Client Notifications
The module includes WHMCS email templates for DDoS events:
- Attack Detected: Sent when a DDoS incident starts. Includes attack type, target IP, and current severity.
- Attack Mitigated: Sent when mitigation rules are deployed and the attack is being filtered.
- Attack Ended: Sent when the incident concludes. Includes duration, peak traffic, and a link to the full incident report.
Templates use WHMCS merge fields and are fully editable in Setup > Email Templates. You can also route alerts to Slack, Discord, or PagerDuty via the Flowtriq webhook system.
Admin Reporting
The module adds a Flowtriq section to the WHMCS admin area with:
- Fleet-wide attack summary across all provisioned nodes
- Per-client incident history
- Node health status (agent online/offline, last check-in)
- Revenue reporting for DDoS protection services
Requirements
- WHMCS 8.0 or later
- PHP 7.4+ (the module uses standard WHMCS APIs)
- A Flowtriq account with API access enabled
- ftagent installed on the servers you want to monitor (supports Ubuntu, Debian, CentOS, Rocky, Alma, Fedora)
FAQ
Does the module work with reseller accounts?
Yes. Resellers can sell DDoS protection to their own clients. The white-label branding applies per reseller if you configure separate API tokens.
Can I bundle DDoS protection with existing products?
Yes. Use WHMCS configurable options to add DDoS protection as an optional addon to any existing VPS or dedicated server product. Clients select it during checkout.
What happens if the Flowtriq API is unreachable during provisioning?
The module retries provisioning on a schedule. The WHMCS order remains in "Pending" status until the API responds. All retry attempts are logged in the module log.
Get the WHMCS module. Available on the WHMCS Marketplace. Install it, connect your Flowtriq API token, and start selling DDoS protection to your hosting clients today. Start your free 14-day trial.