There is currently no elegant way for a third-party script to trigger (remote control) standard functions within XenForo such as Login, Logout, Register User, Change E-mail/Password/etc., or Delete User. I looked at XenAPI and other add-ons and none seemed to enable third-party scripts to remotely control XenForo to the degree we needed. Rewriting our web application to use XenForo's login routines was not an option. I investigated the Login/Logout functions present in XenForo, but they require the hashed password, which is not something a third-party script would (or should) have access to. After 30 hours developing a rather kludgy integration (as you can read about here) there is still no elegant solution for the AdminCP extra login security popup. I also fear that our integration may be "fragile" and be affected by future changes in XenForo. Including such an API out-of-the-box would eliminate this fear. My suggestion is either: Provide a standalone API file like xenforo_api.php which contains fully encapsulated versions of major XenForo functions, and which can be included into a third-party script by passing an encrypted key to perform these functions without the user's password hash: Login (creates session, cookies, etc. as needed to fully log a user, mod, or administrator in) Logout (ibid.) Register User (provide any and all profile fields, including UserID of the user to be created) Update User (change the e-mail or password of a user) Delete User Create Thread Create Post or: Provide documentation for third-party integration, and provide a version of the Login function that will accept a 64-bit encrypted "API key" in lieu of the user's hashed password. Also, provide a way to disable the AdminCP extra security login procedure for users that login through the API.