Customer Portal
The customer portal allows end customers of each organization to manage their subscriptions, invoices, and payment methods autonomously.
Access
The portal is accessed via the organization's custom URL. Each organization configures its portal with branding, domain, and specific features.
Portal Features
- View and pay invoices
- Manage subscriptions (pause, cancel, if allowed)
- Update payment methods
- View transaction history
- Accept/reject commercial proposals
Portal User (PortalUser)
| Field | Description |
|---|---|
| Unique per billing account | |
| Billing account | Link to the financial account |
| SSO only | If true, login only via SSO |
| Status | User status |
User Status
| Status | Description |
|---|---|
| active | Active user with full access |
| pending_verification | Awaiting email verification (signup) |
| pending_invitation | Awaiting invitation acceptance |
| suspended | Account suspended |
| locked | Locked due to failed login attempts |
Security
- Passwords hashed with bcrypt
- Verification/reset tokens based on HMAC
- Automatic lockout after failed login attempts
- Verification tokens expire in 24 hours
- Invitation tokens expire in 7 days
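
One way to build the HMAC-based tokens listed above, as an added example and not the portal's own code. The token layout, purpose names, and key handling are assumptions; only the 24-hour and 7-day lifetimes come from this page.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

# Lifetimes from the Security list; the purpose names are assumptions.
TTL_SECONDS = {"verify_email": 24 * 3600, "invitation": 7 * 24 * 3600}


def _mac(key: bytes, payload: str) -> str:
    digest = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


def issue_token(key: bytes, purpose: str, user_id: str,
                now: Optional[int] = None) -> str:
    """Return 'purpose.user_id.expiry.mac'; the MAC covers all three fields."""
    if "." in user_id:
        raise ValueError("user_id must not contain '.'")
    now = int(time.time()) if now is None else now
    payload = f"{purpose}.{user_id}.{now + TTL_SECONDS[purpose]}"
    return f"{payload}.{_mac(key, payload)}"


def verify_token(key: bytes, token: str, expected_purpose: str,
                 now: Optional[int] = None) -> Optional[str]:
    """Return the user id only if the token is authentic, of the
    expected purpose, and not yet expired; otherwise return None."""
    parts = token.split(".")
    if len(parts) != 4:
        return None
    purpose, user_id, expiry, mac = parts
    payload = f"{purpose}.{user_id}.{expiry}"
    # Authenticate first, in constant time, before trusting any field.
    if not hmac.compare_digest(_mac(key, payload).encode(), mac.encode()):
        return None
    # Purpose binding: an invitation token must not verify an email, etc.
    if purpose != expected_purpose:
        return None
    now = int(time.time()) if now is None else now
    if now >= int(expiry):
        return None
    return user_id
```

A stateless token like this is not single-use on its own. The handler should also confirm the user is still in `pending_verification` or `pending_invitation` before acting on it, so an accepted or canceled invitation cannot be replayed.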
Invitations
The invitation system allows the organization to send email invitations:
- The invitation is sent with a temporary token (7 days)
- The recipient accepts and sets their password
- Status changes to active
- Pending invitations can be canceled or resent
Self-Service Signup
Organizations can enable public signup:
- The customer accesses the signup page via a unique slug
- Enters CNPJ (validated against Receita Federal via minhareceita.org API)
- Fills in company and administrator data
- A verification email is sent
- After verification, access is granted
CNPJ Validation
- CNPJ must have an "Active" registration status
- CNPJ cannot already be registered in the organization
- CNPJs with "Closed" status are blocked
Portal Configuration
| Setting | Description |
|---|---|
| Company name | Name displayed in the portal |
| Logo | Light and dark logo |
| Colors | Light and dark theme (HSL) |
| Languages | Available languages (default: pt-BR, en-US) |
| Payments | Enabled methods (card, boleto, PIX) |
| Subscriptions | Allow pause/cancel |
| Invitations | Enable invitations and allowed domains |
| Signup | Slug and enable public signup |
| SSO | Public key, algorithm, and issuer |
SSO (Single Sign-On)
The portal supports SSO via JWT:
- Supported algorithms: RS256, RS384, RS512, ES256, ES384, ES512, PS256, PS384, PS512
- Configure PEM public key and issuer (iss claim)
- SSO-only users do not need a password