$ feature / customer-portal

Let customers help themselves.

AuthForge hosts a branded self-service portal for your end users at portal.authforge.cc. The most common support ticket in licensed software is "I got a new laptop, my key won't activate." The portal turns that into a button your customer clicks themselves, under a policy you control — no support inbox, no key copy-paste, no manual HWID surgery in your dashboard.

Magic-code email sign-in

Customers authenticate with a passwordless magic code. They enter their license key and the email it was issued to; AuthForge verifies the email matches the license, emails a six-digit code, and issues a short-lived portal session once the code is confirmed. Codes expire after ten minutes, are capped at five attempts, and are stored only as a hash and compared in constant time. There is no portal password to leak.

Self-service HWID resets, governed by policy

Each app carries its own portal policy that the portal enforces on every reset request:

• Master switch: the portal is disabled per app until you turn it on.
• Sliding-window cap: at most N resets per rolling window of D days (defaults: 2 resets per 30 days).
• Cooldown: a minimum number of hours between consecutive resets for the same license (default: 24h).
• Approval mode: auto applies the reset immediately once policy checks pass; manual holds it for your review.

When a request is denied (cooldown active or window cap reached), the portal tells the customer exactly how long until they can retry. You can always issue a reset yourself from the dashboard regardless of the self-service policy.

Branded to your product

Set a display name and accent color so the portal reads as your product rather than a generic vendor page. You can also surface a support URL and support email, and optionally have AuthForge deliver the license key by email on purchase so buyers receive their key without you wiring a webhook handler.