Logging in

Affiliates can access their portal through several secure paths. This page explains magic links, OAuth options, and portal access controls.

Magic links (passwordless)

Affiliates request a magic link by entering their email; the system sends a one-time link that logs them in.
Magic links are convenient and reduce friction, but ensure the email delivery pipeline is healthy to avoid lockouts.

OAuth / social login

If enabled, affiliates can log in via supported providers (Google, Shopify account). OAuth reduces account friction and centralizes identity.

Session and security

Sessions should be short-lived and renew on active use; implement refresh tokens or re-issue magic links for extended access.
Consider 2FA for high-value affiliates when they request large payouts.

Portal access controls

Provide role-based controls for privileged actions (requesting large payouts, editing payout destinations, or viewing detailed financial reports).

Troubleshooting login issues

Check spam folders if magic links aren’t received and verify email sending provider settings.
If OAuth fails, validate client IDs and redirect URIs in the provider dashboard.

Developer notes

Ensure magic links use expiring tokens and single-use semantics to prevent reuse.
Log login attempts with affiliate_id and timestamps for security audits.

Choose login flows that balance low friction for onboarding with adequate security for payouts and sensitive actions. Resetting your password

Using magic links

Choose Email me a sign-in link on the login screen. The link expires after a short period for security.

Troubleshooting

No email received: check spam/junk folders and verify the email on your affiliate profile.
Link expired: request a new magic link or reset your password.

Security tips

Use a strong, unique password and enable two-factor authentication if available on the platform.