Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/own-pay/OwnPay-Documentation/llms.txt

Use this file to discover all available pages before exploring further.

OwnPay’s password recovery process is intentionally designed around the platform’s sovereign, administrator-controlled security model. Rather than sending automated email reset links — which can be intercepted or spoofed in high-security gateway environments — the system logs your recovery request to the audit trail and directs you to coordinate with your super-administrator for a manual password reset. This approach eliminates token hijacking risks that affect conventional self-service reset flows.
1

Go to the login page

Open your browser and navigate to your OwnPay instance’s login URL (e.g. https://your-domain.com/login). If the slug has been customized, use the URL provided by your administrator.
2

Click 'Forgot password?'

Below the password field (next to the Remember me toggle), click the Forgot password? link. You will be taken to the password recovery request form.

Submitting a Recovery Request

1

Enter your registered email address

In the Email field, type the exact email address associated with your OwnPay account. Ensure there are no typos — the address must match your account record precisely.
2

Click 'Send Reset Link'

Click the Send Reset Link button to submit the request. The system will record a password_reset.requested audit log entry tied to your email address and the current timestamp.
3

Read the confirmation message

The page will display a notification:
“Your password reset request has been logged. Please contact your system administrator to reset your password.”
No email is sent. This message confirms the request was received and logged.
4

Contact your super-administrator

Reach out to your super-administrator through a secure, verified channel — such as a secure corporate chat, a phone call, or in-person — to inform them of your request. They will verify the audit log entry and reset your password manually from the Staff settings page.
The system does not send an automated password reset email. This is by design to prevent token hijacking. After submitting the form, you must directly contact your super-administrator to proceed. Do not submit the form multiple times, as this clutters the audit log and may trigger rate limiting.

Page Fields Reference

Field / OptionRequiredDescription
EmailYesThe registered email address of the account you wish to recover. Must match exactly.
Send Reset LinkSubmits the recovery request and writes the audit log entry.
← Back to LoginNoReturns you to the main login page without submitting a request.

How It Works Under the Hood

When you submit the recovery form, OwnPay writes an audit log entry of type password_reset.requested to the system database. This entry includes your email address, the IP address of the request, and a precise UTC timestamp. The super-administrator can view this record in the Audit Log section to confirm the request is legitimate before taking action.
The support contact email shown on the confirmation screen is pulled from General Settings → Support Email. If your administrator has configured a support address, it will appear here so you know who to contact. If this field is blank, no contact address is shown.
Automated reset emails present a security risk in payment gateway environments: a reset token emailed to a compromised inbox grants full account takeover without requiring knowledge of the original password. OwnPay’s sovereign model eliminates this attack surface entirely by requiring administrator-mediated resets. The trade-off is a slightly slower recovery process in exchange for significantly stronger access control.

What the Super-Administrator Does

Once notified, your super-administrator will:
  1. Review the Audit Log to confirm a password_reset.requested entry exists for your email.
  2. Navigate to Staff Settings in the admin panel.
  3. Locate your staff account and use the Reset Password action to set a new temporary password.
  4. Communicate the new temporary password to you through a secure, private channel.
  5. Instruct you to change the temporary password immediately upon first login.
Super-administrators managing their own account credentials should ensure a second trusted super-admin exists who can perform the manual reset on their behalf. A single-administrator setup with no recovery path is a critical operational risk.

Best Practices

Verify Your Email First

Before submitting the form, double-check the spelling of your registered email address. An incorrect email will still log a request but will not match any account for the administrator to action.

Use a Secure Channel

Always inform your administrator through a verified, secure communication channel. Avoid sending the reset request notification over unencrypted email or public messaging platforms.

Submit Only Once

One submission is sufficient. Multiple consecutive submissions clutter the audit log and may trigger rate limiting, delaying your recovery further.

Enable 2FA After Recovery

Once access is restored, immediately set up Two-Factor Authentication on your account to prevent future unauthorized access even if your new password is ever leaked.

Troubleshooting

SymptomLikely CauseFix
Please enter your email address errorThe form was submitted without typing an email.Enter your registered email address and click Send Reset Link again.
No email arrives after submittingExpected — OwnPay does not send automated reset emails.Contact your super-administrator directly as described above.
You don’t know your registered emailAccount was set up by an administrator.Ask your super-administrator to look up the account and provide the registered address.

Login

Return to the main login form once your password has been reset by the administrator.

Two-Factor Authentication

Strengthen your account security after regaining access by enabling TOTP-based 2FA.

Build docs developers (and LLMs) love