Authentication Overview.
Login methods and security options for all users
The platform provides secure, modern authentication options for all user types. This guide covers how users log in and how administrators can configure authentication.
Login Methods
One-Time Passwords (OTP) (Recommended)
Reward Loyalty’s default login experience is email OTP: the user receives a short-lived verification code and enters it to sign in. Members always use OTP, while Partners, Admins and Staff use OTP-only authentication until they choose to set a password (in Account Settings).
How it works:
- User enters their email address
- System sends a 6-digit code
- User enters the code
- User is logged in
Why this is the default:
- No password to remember
- Fast onboarding (especially for members)
- Strong rate limiting + short expiration window
Password Login (Optional)
Accounts can also sign in with a password if a password is set. Members always use OTP, while Partners, Admins and Staff can set a password (Account Settings) if they wish.
How it works:
- User enters email + password
- System authenticates and starts a session
User-Specific Login
Administrators
Access the admin panel at /admin.
- Full platform access
- OTP and password login supported
- Session duration configurable
Partners
Access the partner dashboard at /partner.
- Partner-specific dashboard
- View only their own data
- Manage their loyalty programs
Staff
Access the staff interface at /staff.
- Simplified mobile-friendly interface
- Quick QR scanning access
- Transaction processing only
Members
Access via the main site homepage.
- Can browse without logging in
- Login required to collect cards
- Always uses OTP login
- Uses header navigation (Home, My Cards)
Anonymous Member Mode
For businesses where signup friction loses customers, anonymous mode lets visitors participate instantly.
How it works:
- Visitor arrives at your loyalty program
- Member account created automatically
- They receive a unique code (e.g., "R4K7")
- Full functionality immediately — earn points, collect stamps, claim rewards
- Optionally add an email anytime to enable OTP login on any device
- Already have an account with an email? Use Log in with Email in the Switch Account tab to verify your email and switch instantly
Best for: Cafés, quick-service restaurants, pop-ups, events — anywhere speed matters.
💡 Learn more: Anonymous Members — Full configuration guide
Security Features
OTP Expiration
One-time passwords expire after 10 minutes. Expired codes require a new request.
Session Management
Active sessions can be managed by administrators. Users can be logged out remotely if needed.
Rate Limiting
To prevent abuse:
- Maximum login attempts per hour
- Configurable lockout periods
- IP-based rate limiting
Related Topics
- Anonymous Members — Zero-friction onboarding
- OTP Management — One-time password configuration
- Security Monitoring — Security settings