The OwnPay admin panel is protected by a focused, single-entrance authentication gate designed for super-administrators and pre-authorized staff members only. Unlike typical SaaS platforms, OwnPay does not allow self-registration — every account must be provisioned by the super-administrator in advance. This sovereign model ensures that access to sensitive financial ledger data is always tightly controlled.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/own-pay/OwnPay-Documentation/llms.txt
Use this file to discover all available pages before exploring further.
Accessing the Login Page
Navigate to your OwnPay instance’s login URL in any modern browser. By default, the login interface is available at:The
/login slug is configurable. Your super-administrator may have changed it to a custom path (e.g. /secure-gate-7x2) for additional security. If you receive a 404 Not Found at /login, contact your administrator for the correct URL.Signing In
Enter your credentials
Type your registered Email or Username into the first field. Then enter your Password in the second field. Passwords are case-sensitive — ensure Caps Lock is off.
Toggle Remember Me (optional)
Check the Remember me box only if you are logging in from a private, encrypted personal device. This extends your session duration so you don’t need to re-authenticate on every visit.
Click Sign In
Press the Sign In button to submit your credentials. The system will validate them against the pre-registered account database.
Complete 2FA if prompted
If your account has Two-Factor Authentication enabled, you will be automatically redirected to the
/2fa verification screen. Enter the 6-digit code from your authenticator app to complete the login. See Two-Factor Authentication for full details.Reach the Dashboard
Upon successful authentication (with or without 2FA), you are redirected to the Admin Dashboard, where you can manage all platform activity.
Login Page Fields Reference
| Field / Option | Required | Description |
|---|---|---|
| Email or Username | Yes | The pre-registered email address or username on your account. |
| Password | Yes | The secure, case-sensitive password for your account. |
| Remember me | No | Extends session lifetime on trusted devices. Unchecked by default. |
| Sign In | — | Submits credentials for verification. |
| Forgot password? | — | Opens the password recovery flow. |
Security Configuration
The login system includes built-in protections that administrators should understand.Brute-Force Lockout Policy
Brute-Force Lockout Policy
After five (5) failed login attempts within a 5-minute window, the account is temporarily locked. The lockout period is 5 minutes. This prevents automated credential stuffing attacks. Once locked, no further attempts are accepted until the window expires — there is no admin override to skip the cooldown.
Customizing the Login URL Slug
Customizing the Login URL Slug
The super-administrator can change the login route from
/login to any arbitrary slug under Landing Page Settings. Once changed, any request to the old /login path returns a 404 Not Found page, effectively masking the admin panel from automated scanners. Distribute the new URL only to authorized staff through a secure channel.Best Practices
Secure Your URL
Change the default
/login slug to a random, hard-to-guess string. This single step significantly reduces exposure to automated bot attacks targeting known admin paths.Use Dedicated Accounts
Never share credentials between staff members. Each person must have a separate account with role-based permissions provisioned by the super-administrator.
Enable Two-Factor Auth
Protect every administrator and staff account with TOTP-based 2FA. A stolen password alone will not grant access to a 2FA-protected account.
Always Use HTTPS
Verify the browser address bar shows a padlock icon and
https:// before entering credentials. Never log in over plain HTTP connections.Troubleshooting
| Symptom | Likely Cause | Fix |
|---|---|---|
Invalid credentials message | Typo in email/username or incorrect password. | Re-verify your credentials carefully. Remember passwords are case-sensitive. |
Account temporarily locked | Five or more failed attempts within 5 minutes. | Wait 5 minutes for the lockout to expire, then try again carefully. |
404 Not Found at /login | The super-administrator has changed the login URL slug. | Contact your administrator for the correct custom login URL. |
Related Pages
Two-Factor Authentication
Set up and use TOTP-based 2FA — the next step in the login flow when 2FA is active on your account.
Forgot Password
Recover access to your account through the administrator-coordinated password reset process.