Our documentation has moved!

You are currently viewing a legacy version of our help articles.
For the most up-to-date version, please use the new Chargify Help & Support Site.

Bypassing Email Verification For Your Billing Portal Customers

We have introduced the ability to bypass email verification upon login for your Billing Portal customers.  Traditionally, customers are required to click a link in an email  before being granted access to their Billing Portal account.  This verification step, which is required on each device the customer uses to access Portal, is in place to ensure that the intended customer is the only person with access to their Billing Portal account.
Some merchants would like to make it even easier for customers to access Portal.  Now, these merchants may choose to allow customers to access their Billing Portal account regardless of whether or not they have performed the verification step. To enable this option, just choose "Bypass email verification for logins" in the Billing Portal section of your Site settings:
As noted in the screenshot above, this option is less secure than requiring customers to verify their email address before accessing Billing Portal. With this setting enabled, anyone with a customer's Management Link can access their Billing Portal account. Please consider the security implications for your customers before enabling this setting.
As before, Management Links are available from a variety of sources:
  • They are included at the bottom of Chargify-generated statements
  • They are available from the Subscription and Customer page in the Chargify admin (you can copy & paste the link to send it to the customer yourself
  • They are available via the API: http://docs.chargify.com/api-billing-portal
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request


  • 0
    Monica Jones

    Hello Chargify,

    I spent alot of time emailing and speaking with Chargify staff and my developer about implementing the billing portal. I wanted a completely seamless experience for my customers, thus I did not want to use the most popular method you were offering (which was to put a link on a statement or invite customers to use the link - as that makes the customer experience a bit chopper than it needs to be). I wanted my customers to be able to click on a "billing" link while they were in their dashboard inside of my site. Once they clicked on the billing link it would take them directly to their billing portal - without the need to sign in. I think that this is a beautiful and seamless way to offer subscription management services. There were some other merchants that wanted this same service and had expressed so on your blogs. So, needless to say - I was ecstatic when Chargify introduced a method that makes this possible. So after many hours and much money I had my developer implement the portal the way I wanted. A few days ago I was testing the customer experience with the portal. After logging out I found that customers see this message: You are now logged out.

    You may access your account again by clicking a link from a recent billing statement, or by requesting a new login link be sent to your email via the button below. (there is a login button at the end of this message).

    Well, the issue is that none of this is applicable to merchants such as myself who have implemented the billing portal as discussed above. We do not send statements and we do not want customers requesting links (again, the reason for implementing the portal the way we did) So if our customers see this message after logging out, #1 it is inaccurate, #2 it will not help them, #3 it is going to increase my customer service emails - which is contrary to why I am using subscription management software in the first place. Then when they call/email I will have to keep explaining that the message on the screen is incorrect and that this is a Chargify issue that I cannot remove it. I asked if I could remove this inaccurate message and I was told I can't. So after speaking with Tier 2 support today we brainstormed work arounds. The bottom line is that once my customers log out I either need to be able to say to them something along the lines of - you can log back in by visiting your dashboard, or maybe not have it say anything at all and people will figure out how to do it on their own. Anything other than a message that is not accurate. Could you maybe use a re-direct url at log out or something else as a work around? Any suggestions would be greatly appreciated. I think that this is a great feature, however it wasn't thought out all the way to the very end. Kindly, please reply. Thank you much.


  • 0
    Rick Patri

    Monica - I'd love to know how you set it up. I think what you;ve explained is what i want in a seamless experience. Are you free to discuss?


  • 0
    Monica Jones

    Rick, I am so sorry for the late response. Here we go....Yes we got it set up and it is very seamless!! I love it. You/Your developer will have to code this but it does work beautifully. I told my developer to put a link on the customer dashboard that says "billing" once customer clicks on "billing" they instantly go to the Chargify self service account panel. There they can update billing details or view their billing info or account status. No special codes needed as it is connected to their dashboard that is apart of our site.


    Here is an email instructional I sent to my developer that explains how to set it up. This should help you. Its been working fantastic for us

    Via API Call - After clicking on “billing” they
    are automatically taken directly to their personal billing portal (which is
    linked by their unique customer or subscription ID they were given at initial
    sign-up) where they can update their credit card info, address info or cancel
    their subscription. Because we are not using the “link verification” system the
    customer will not need to verify any link and they will go directly to their
    billing portal. (done via API call)
    When they click the "Billing" in the PC site they will be sent to a link that was fetched with the API. However, you would only fetch this link once and store it somewhere for that particular customer. It would be a strain on the Chargify system if they had to give a link every time a PC customer clicked “billing” Storing the links for PC customers yourself will make a much more efficient process as it won't need to jump through an API call and so forth.
    I asked Chargify where to store the URLs and they said this:
    I suspect that most merchants who have an access-controlled web app are storing them in their local database. So maybe you have a Users database table that stores the Chargify customer ID? You would need at least the Chargify customer ID so that you could request the correct management URL in the first place. In the same database table, I would also store the most recent management URL and the time that it was last fetched (so you can decide when to fetch it again). Your developer will probably understand from this what should be done in your own app, depending on the architecture. However, you would only fetch this link once and store it somewhere for that particular customer.
    My suggestion would be to keep a database table with subscriber_id, url, and timestamp. If the timestamp is "fresh" for a given subscriber ID, then display the saved URL. If it is older than few days, fetch the URL and save it to the database, updating the timestamp. This goes on behind the scenes and customers will not see it or be affected by it.

    The links do expire and I do not want them to. This is the advice Chargify gave to handle expiring links:

    The links WILL expire. in order to keep the links up to date. Set the API call to update the links every so often (every week or so should work). The customers would not notice the change when it gets updated, but it will be a new link. Yes, you would need to write a little program to check for expiring links. This could be done by simply having it check every week or if they only log in every month or set it to only check it then. This way you aren't requesting too many API calls and the links will stay active. If your developer makes the program correctly. Checking for expired links should be totally automated, and shouldn't need someone monitoring it 24/7.

    The ENd


Please sign in to leave a comment.
Powered by Zendesk