> ## Documentation Index
> Fetch the complete documentation index at: https://docs.partnero.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Prefill the login email

> Prefill and auto-submit the partner portal login email via URL parameters, so already-known users don't have to re-enter it

By default, partners open your portal's login screen and enter their email to receive a one-time code (or type their password). If you already know who the user is, you can pass their email in the login URL so the field is **prefilled and locked**, and optionally have the first login step **submit automatically**.

This works on any portal login link — whether the portal is [embedded in an iframe](/guides/partner-portal/embedding) inside your app or opened **directly** in the browser. It removes the "which email do I log in with?" confusion, especially useful when partners are created via the API and may not know which address was used.

<Note>
  This works for both **affiliate** and **refer-a-friend** portals. It reduces the friction of the login step; partners still complete authentication with their one-time code or password. For a fully login-free experience, contact support about single-use sign-in links.
</Note>

## URL parameters

Append these query parameters to your portal's **login URL** (`/login`):

| Parameter    | Required | Description                                                                                                                                        |
| ------------ | -------- | -------------------------------------------------------------------------------------------------------------------------------------------------- |
| `email`      | Optional | Prefills the login email field with this value and locks it so it can't be edited.                                                                 |
| `autosubmit` | Optional | When set to `1`, automatically submits the first login step as soon as the page loads (for one-time-code logins, this sends the code immediately). |

## Usage

<Steps>
  <Step title="Add the email to the login URL">
    Link to your portal's login page and include the partner's email. This works whether you set it as an iframe `src` or open it directly:

    ```
    https://partners.yourdomain.com/login?email=partner%40example.com
    ```

    Replace `partners.yourdomain.com` with your portal domain.
  </Step>

  <Step title="Optionally skip the first click">
    Add `autosubmit=1` to request the one-time login code automatically, so the partner lands directly on the code-entry step:

    ```
    https://partners.yourdomain.com/login?email=partner%40example.com&autosubmit=1
    ```
  </Step>

  <Step title="If embedding, allow your site to embed the portal">
    Only relevant when embedding: your website's domain must be added to the portal's allowed embedding domains (the same whitelist used by the [portal widget](/guides/partner-portal/embedding)). Otherwise the browser will block the iframe. When opening the login URL directly, no whitelist is needed.
  </Step>
</Steps>

<Warning>
  Always **URL-encode** the email value. The `@` character must be written as `%40` — for example, `partner@example.com` becomes `partner%40example.com`.
</Warning>

## What the partner sees

1. The login screen opens with the email already filled in and locked.
2. With `autosubmit=1`, the one-time code is requested immediately; otherwise the partner clicks the login button.
3. The partner enters the code sent to their email (or their password) and lands on their dashboard.

## Behavior and limitations

<CardGroup cols={2}>
  <Card title="One-time-code logins" icon="envelope">
    `autosubmit` requests the login code automatically. The partner still enters the emailed code.
  </Card>

  <Card title="Password logins" icon="key">
    The email is prefilled and locked, but `autosubmit` is ignored — there is no password to submit automatically.
  </Card>

  <Card title="Bot protection" icon="shield">
    If Cloudflare Turnstile is enabled on your portal, auto-submit waits until the challenge is completed.
  </Card>

  <Card title="Invalid email" icon="triangle-exclamation">
    If the `email` value isn't a valid email address, it is ignored and the normal login screen is shown.
  </Card>
</CardGroup>

<Info>
  This feature only prefills the login step — it does not bypass authentication. Partners still verify their identity via the one-time code or password.
</Info>
