OwnPay’s password recovery process is intentionally designed around the platform’s sovereign, administrator-controlled security model. Rather than sending automated email reset links — which can be intercepted or spoofed in high-security gateway environments — the system logs your recovery request to the audit trail and directs you to coordinate with your super-administrator for a manual password reset. This approach eliminates token hijacking risks that affect conventional self-service reset flows.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/own-pay/OwnPay-Documentation/llms.txt
Use this file to discover all available pages before exploring further.
Navigating to the Forgot Password Page
Go to the login page
Open your browser and navigate to your OwnPay instance’s login URL (e.g.
https://your-domain.com/login). If the slug has been customized, use the URL provided by your administrator.Submitting a Recovery Request
Enter your registered email address
In the Email field, type the exact email address associated with your OwnPay account. Ensure there are no typos — the address must match your account record precisely.
Click 'Send Reset Link'
Click the Send Reset Link button to submit the request. The system will record a
password_reset.requested audit log entry tied to your email address and the current timestamp.Read the confirmation message
The page will display a notification:
“Your password reset request has been logged. Please contact your system administrator to reset your password.”No email is sent. This message confirms the request was received and logged.
Contact your super-administrator
Reach out to your super-administrator through a secure, verified channel — such as a secure corporate chat, a phone call, or in-person — to inform them of your request. They will verify the audit log entry and reset your password manually from the Staff settings page.
Page Fields Reference
| Field / Option | Required | Description |
|---|---|---|
| Yes | The registered email address of the account you wish to recover. Must match exactly. | |
| Send Reset Link | — | Submits the recovery request and writes the audit log entry. |
| ← Back to Login | No | Returns you to the main login page without submitting a request. |
How It Works Under the Hood
Audit Log Entry
Audit Log Entry
When you submit the recovery form, OwnPay writes an audit log entry of type
password_reset.requested to the system database. This entry includes your email address, the IP address of the request, and a precise UTC timestamp. The super-administrator can view this record in the Audit Log section to confirm the request is legitimate before taking action.Support Email Display
Support Email Display
The support contact email shown on the confirmation screen is pulled from General Settings → Support Email. If your administrator has configured a support address, it will appear here so you know who to contact. If this field is blank, no contact address is shown.
Why No Automated Email?
Why No Automated Email?
Automated reset emails present a security risk in payment gateway environments: a reset token emailed to a compromised inbox grants full account takeover without requiring knowledge of the original password. OwnPay’s sovereign model eliminates this attack surface entirely by requiring administrator-mediated resets. The trade-off is a slightly slower recovery process in exchange for significantly stronger access control.
What the Super-Administrator Does
Once notified, your super-administrator will:- Review the Audit Log to confirm a
password_reset.requestedentry exists for your email. - Navigate to Staff Settings in the admin panel.
- Locate your staff account and use the Reset Password action to set a new temporary password.
- Communicate the new temporary password to you through a secure, private channel.
- Instruct you to change the temporary password immediately upon first login.
Best Practices
Verify Your Email First
Before submitting the form, double-check the spelling of your registered email address. An incorrect email will still log a request but will not match any account for the administrator to action.
Use a Secure Channel
Always inform your administrator through a verified, secure communication channel. Avoid sending the reset request notification over unencrypted email or public messaging platforms.
Submit Only Once
One submission is sufficient. Multiple consecutive submissions clutter the audit log and may trigger rate limiting, delaying your recovery further.
Enable 2FA After Recovery
Once access is restored, immediately set up Two-Factor Authentication on your account to prevent future unauthorized access even if your new password is ever leaked.
Troubleshooting
| Symptom | Likely Cause | Fix |
|---|---|---|
Please enter your email address error | The form was submitted without typing an email. | Enter your registered email address and click Send Reset Link again. |
| No email arrives after submitting | Expected — OwnPay does not send automated reset emails. | Contact your super-administrator directly as described above. |
| You don’t know your registered email | Account was set up by an administrator. | Ask your super-administrator to look up the account and provide the registered address. |
Related Pages
Login
Return to the main login form once your password has been reset by the administrator.
Two-Factor Authentication
Strengthen your account security after regaining access by enabling TOTP-based 2FA.