Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/own-pay/OwnPay-Documentation/llms.txt

Use this file to discover all available pages before exploring further.

The OwnPay admin panel is protected by a focused, single-entrance authentication gate designed for super-administrators and pre-authorized staff members only. Unlike typical SaaS platforms, OwnPay does not allow self-registration — every account must be provisioned by the super-administrator in advance. This sovereign model ensures that access to sensitive financial ledger data is always tightly controlled.

Accessing the Login Page

Navigate to your OwnPay instance’s login URL in any modern browser. By default, the login interface is available at:
https://your-domain.com/login
The /login slug is configurable. Your super-administrator may have changed it to a custom path (e.g. /secure-gate-7x2) for additional security. If you receive a 404 Not Found at /login, contact your administrator for the correct URL.

Signing In

1

Enter your credentials

Type your registered Email or Username into the first field. Then enter your Password in the second field. Passwords are case-sensitive — ensure Caps Lock is off.
2

Toggle Remember Me (optional)

Check the Remember me box only if you are logging in from a private, encrypted personal device. This extends your session duration so you don’t need to re-authenticate on every visit.
3

Click Sign In

Press the Sign In button to submit your credentials. The system will validate them against the pre-registered account database.
4

Complete 2FA if prompted

If your account has Two-Factor Authentication enabled, you will be automatically redirected to the /2fa verification screen. Enter the 6-digit code from your authenticator app to complete the login. See Two-Factor Authentication for full details.
5

Reach the Dashboard

Upon successful authentication (with or without 2FA), you are redirected to the Admin Dashboard, where you can manage all platform activity.

Login Page Fields Reference

Field / OptionRequiredDescription
Email or UsernameYesThe pre-registered email address or username on your account.
PasswordYesThe secure, case-sensitive password for your account.
Remember meNoExtends session lifetime on trusted devices. Unchecked by default.
Sign InSubmits credentials for verification.
Forgot password?Opens the password recovery flow.

Security Configuration

The login system includes built-in protections that administrators should understand.
After five (5) failed login attempts within a 5-minute window, the account is temporarily locked. The lockout period is 5 minutes. This prevents automated credential stuffing attacks. Once locked, no further attempts are accepted until the window expires — there is no admin override to skip the cooldown.
The super-administrator can change the login route from /login to any arbitrary slug under Landing Page Settings. Once changed, any request to the old /login path returns a 404 Not Found page, effectively masking the admin panel from automated scanners. Distribute the new URL only to authorized staff through a secure channel.

Best Practices

Secure Your URL

Change the default /login slug to a random, hard-to-guess string. This single step significantly reduces exposure to automated bot attacks targeting known admin paths.

Use Dedicated Accounts

Never share credentials between staff members. Each person must have a separate account with role-based permissions provisioned by the super-administrator.

Enable Two-Factor Auth

Protect every administrator and staff account with TOTP-based 2FA. A stolen password alone will not grant access to a 2FA-protected account.

Always Use HTTPS

Verify the browser address bar shows a padlock icon and https:// before entering credentials. Never log in over plain HTTP connections.
Always confirm the browser address bar displays your correct domain name and an active SSL/TLS padlock before typing your password. Phishing pages may mimic the login interface on lookalike domains.

Troubleshooting

SymptomLikely CauseFix
Invalid credentials messageTypo in email/username or incorrect password.Re-verify your credentials carefully. Remember passwords are case-sensitive.
Account temporarily lockedFive or more failed attempts within 5 minutes.Wait 5 minutes for the lockout to expire, then try again carefully.
404 Not Found at /loginThe super-administrator has changed the login URL slug.Contact your administrator for the correct custom login URL.

Two-Factor Authentication

Set up and use TOTP-based 2FA — the next step in the login flow when 2FA is active on your account.

Forgot Password

Recover access to your account through the administrator-coordinated password reset process.

Build docs developers (and LLMs) love