Skip to main content
By default, partners open your portal’s login screen and enter their email to receive a one-time code (or type their password). If you already know who the user is, you can pass their email in the login URL so the field is prefilled and locked, and optionally have the first login step submit automatically. This works on any portal login link — whether the portal is embedded in an iframe inside your app or opened directly in the browser. It removes the “which email do I log in with?” confusion, especially useful when partners are created via the API and may not know which address was used.
This works for both affiliate and refer-a-friend portals. It reduces the friction of the login step; partners still complete authentication with their one-time code or password. For a fully login-free experience, contact support about single-use sign-in links.

URL parameters

Append these query parameters to your portal’s login URL (/login):
ParameterRequiredDescription
emailOptionalPrefills the login email field with this value and locks it so it can’t be edited.
autosubmitOptionalWhen set to 1, automatically submits the first login step as soon as the page loads (for one-time-code logins, this sends the code immediately).

Usage

1

Add the email to the login URL

Link to your portal’s login page and include the partner’s email. This works whether you set it as an iframe src or open it directly:
https://partners.yourdomain.com/login?email=partner%40example.com
Replace partners.yourdomain.com with your portal domain.
2

Optionally skip the first click

Add autosubmit=1 to request the one-time login code automatically, so the partner lands directly on the code-entry step:
https://partners.yourdomain.com/login?email=partner%40example.com&autosubmit=1
3

If embedding, allow your site to embed the portal

Only relevant when embedding: your website’s domain must be added to the portal’s allowed embedding domains (the same whitelist used by the portal widget). Otherwise the browser will block the iframe. When opening the login URL directly, no whitelist is needed.
Always URL-encode the email value. The @ character must be written as %40 — for example, [email protected] becomes partner%40example.com.

What the partner sees

  1. The login screen opens with the email already filled in and locked.
  2. With autosubmit=1, the one-time code is requested immediately; otherwise the partner clicks the login button.
  3. The partner enters the code sent to their email (or their password) and lands on their dashboard.

Behavior and limitations

One-time-code logins

autosubmit requests the login code automatically. The partner still enters the emailed code.

Password logins

The email is prefilled and locked, but autosubmit is ignored — there is no password to submit automatically.

Bot protection

If Cloudflare Turnstile is enabled on your portal, auto-submit waits until the challenge is completed.

Invalid email

If the email value isn’t a valid email address, it is ignored and the normal login screen is shown.
This feature only prefills the login step — it does not bypass authentication. Partners still verify their identity via the one-time code or password.