Authentication

Chargify provides a safe and secure location for your subscriber to manage their billing needs. Whether your subscribers are required to set a password, or can browse directly to their Billing Portal URL, your subscribers can manage their accounts with ease. This frees up valuable time for your staff to tend to other matters!

Public-Facing Login Page

Every merchant using Billing Portal has a new “login screen” available at the following URL:

https://www.billingportal.com/s/shortname

Where your “shortname” is your Chargify subdomain. This link isn’t personalized for any particular subscriber. If password logins are turned off, a customer can use the login screen to easily request a Login Link using their email address on file.

This URL by default will redirect to one of two pages depending on whether password logins are enabled. If they are, the URL will be https://www.billingportal.com/s/demo-9469680429/login/password and prompts the user to use their email address and configured password to login. Otherwise, if passwords are disabled, the user will be prompted to retrieve a login link via email at https://www.billingportal.com/s/shortname/login/magic.

At any time, a subscriber can change whether they’d prefer to login using a password (if password login is enabled) or a login link.

Methods of Authenticating

There are four primary ways of accessing the Billing Portal: login links, password logins, the management URL, and invitation emails. Each has their own levels of security; if the customer has not used the Billing Portal for an extended period of time, he or she may be asked to sign in again. Any method can be used.

Login flows can vary slightly depending on whether email verification is enabled. Please review the login flow article for more guidance.

Invitation Email

You may choose to have all customers automatically invited to the Billing Portal at the time of signup, or you may invite each manually. When the customer accepts an invitation, they will be signed in to the Billing Portal to be able to access their subscriptions. The invite email is valid for 48 hours after it is sent. If a customer tries to use the invite after this time, they’ll be asked to generate a new invite.

The invitation email is primarily used when the subscriber is accessing the Billing Portal for the first time. Afterwards, they will use login links, management URLs, or their password to login.

Login links are the most basic way for a subscriber to gain access to their Billing Portal account. To generate one, the subscriber would visit your company’s public-facing login page and click “get login link via email”. They must enter the email address that’s noted on their customer details inside Chargify.

Request a login link via email.

This process is very similar to the common “reset password” procedure on most websites (and has a similar security profile). Chargify will send them an email at the address requested with a limited-time link. Clicking this link will grant access to the subscriber’s Billing Portal. Please be aware that this login link only is valid for an hour.

That said, using the login link will store a “cookie” in their internet browser so that visiting the generic, public-facing login page, https://www.billingportal.com/s/shortname, will take them directly to their subscription.

If the cookie is cleared out, such as when they click the log out button, the customer will likely need to request a new login link to gain access again.

Password Logins

We do not recommend the use of both the “password logins” and the “bypass email verification” settings at the same time. Password logins are intended to increase the security of the login, whereas bypassing email verification lowers it.

If password logins are enabled, your customer can login using a password that they have set. Note that the password setting is optional; customers are not required to set a password. They may still use login links to login.

Login using an email and password, or click "Sign in without typing your password" to use a login link instead.

A customer will be prompted to set up their password the first time they access their Billing Portal account. This means that they would first need to authenticate using a login link, or accept an invitation email. At any time after logging in, a customer can update their password via their “My Account” page.

Set a password for your Billing Portal account.

Additionally, when customers have subscriptions they manage with multiple businesses, they can choose from businesses they’ve already authenticated with.

Change the business that the customer is managing their subscription for.

Forgotten Passwords

If your customers forget their password, we provide a handy forgotten password flow that allows them to access their account and set a new password after clicking a link in an email.

Recovering a lost password.

Management URLs

Billing Portal management URLs are useful once the subscriber has already authenticated. Unlike the public-facing login page, the management URL is the customer’s unique Billing Portal URL.

This link alone is not sufficient to sign a customer into their Billing Portal account, unless you choose to bypass email verification in your Billing Portal settings. If the customer has already signed in recently (from the methods above), they can access their subscription. If not, they will be asked to verify their identity with a new login email (or entering a password, if password logins are enabled).

A management URL requires the customer to have already verified their identity.

Management URLs are included at the bottom of statements & invoices that your customers receive. Each link is valid for 65 days.