Authentication Overview

Login methods and security options for all users

Dec 5, 2025

The platform provides secure, modern authentication options for all user types. This guide covers how users log in and how administrators can configure authentication.

Login Methods

Passwordless Login (Recommended)

The primary login method uses magic links sent via email. No passwords required.

How it works:

  1. User enters their email address
  2. System sends a secure magic link
  3. User clicks the link
  4. User is logged in automatically

Benefits:

  • No passwords to remember or reset
  • More secure (no password database to breach)
  • Faster login experience
  • Works on any device

One-Time Passwords (OTP)

Numeric codes delivered via email for additional security.

How it works:

  1. User enters their email address
  2. System sends a 6-digit code
  3. User enters the code
  4. User is logged in

Best for:

  • Users who prefer codes over links
  • Mobile devices where link clicking is cumbersome
  • Higher-security environments

User-Specific Login

Administrators

Access the admin panel at /admin.

  • Full platform access
  • All authentication methods available
  • Session duration configurable

Partners

Access the partner dashboard at /partner.

  • Partner-specific dashboard
  • View only their own data
  • Manage their loyalty programs

Staff

Access the staff interface at /staff.

  • Simplified mobile-friendly interface
  • Quick QR scanning access
  • Transaction processing only

Customers

Access via the main site or wallet.

  • Can browse without logging in
  • Login required to collect cards
  • Passwordless experience

Security Features

Magic Link Expiration

Magic links expire after a configurable period (default: 15 minutes). Expired links prompt users to request a new one.

OTP Expiration

One-time passwords expire after a configurable period (default: 10 minutes). Expired codes require a new request.

Session Management

Active sessions can be managed by administrators. Users can be logged out remotely if needed.

Rate Limiting

To prevent abuse:

  • Maximum login attempts per hour
  • Configurable lockout periods
  • IP-based rate limiting
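
The OTP expiration and attempt-limiting behavior described above, sketched as an added example (not the platform's own code). The OtpStore class, the in-memory storage, the HMAC key handling and the limit of 5 failed attempts are assumptions; the 6-digit format and 10-minute default come from this page.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL_SECONDS = 10 * 60   # page default: OTPs expire after 10 minutes
MAX_ATTEMPTS = 5            # assumed value; the page does not give a number


class OtpStore:
    """Hypothetical in-memory store; a deployment would use a database or cache."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._key = secrets.token_bytes(32)   # server-side HMAC key (assumption)
        self._pending = {}                    # email -> [digest, expires_at, failed]

    def _digest(self, email, code):
        # Only a keyed hash of the code is kept, so a leaked store does not reveal codes.
        return hmac.new(self._key, f"{email}:{code}".encode(), hashlib.sha256).digest()

    def issue(self, email):
        """Create a 6-digit code from a CSPRNG; a new request replaces any earlier code."""
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[email] = [self._digest(email, code),
                                self._clock() + OTP_TTL_SECONDS, 0]
        return code   # delivered by email, never stored in clear

    def verify(self, email, code):
        """Return 'ok', 'expired', 'locked' or 'invalid'."""
        entry = self._pending.get(email)
        if entry is None:
            return "invalid"
        digest, expires_at, failed = entry
        if self._clock() >= expires_at:
            del self._pending[email]          # expired codes require a new request
            return "expired"
        if failed >= MAX_ATTEMPTS:
            return "locked"                   # stays locked until the code expires
        if hmac.compare_digest(digest, self._digest(email, code)):
            del self._pending[email]          # single use: a code cannot be replayed
            return "ok"
        entry[2] += 1                         # count the failed guess
        return "invalid"
```

With a 6-digit code there are only 1,000,000 possibilities, so the per-code attempt cap is what keeps guessing impractical inside the expiry window.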
