Signing Up & Logging In
Overview
The member app is how your customers join your loyalty programme and order from you — a web app they open on their phone, no install required. Before they can earn a point or hold a voucher, they need an account and a way back into it. This page covers both: how a customer signs up, and every way they can log in afterwards.
Almost everything here is driven by your merchant settings. Which sign-up fields appear, whether registration is even allowed, which login methods are offered — you control all of it under Merchant Settings. So the same app can look quite different from one merchant to the next. Where a behaviour depends on a setting, we name it.
One account, your brand
The member app is multi-tenant — each merchant has its own subdomain, logo, and brand colour. A customer signing up on your subdomain is joining your business. The screens below are tinted with your colour and carry your logo throughout.
Signing up
A customer reaches the sign-up screen by tapping Create new account on the login screen, or by following a referral or voucher link you've shared.
The fields
Which fields show, and which are required, is set entirely by your signupFields config (the Signup / Login tab of Merchant Settings). Every field below can be shown or hidden, required or optional:
| Field | What the customer enters |
|---|---|
| Phone | Mobile number with a country code — auto-detected from the customer's location, changeable. |
Email address, with a preferred-domain suffix dropdown if you've set preferredEmailDomains. | |
| First name | Given name. |
| Last name | Family name. |
| Birthday | Date of birth, via a date-picker popup. Needed for birthday vouchers and birth-month bonuses. |
| Gender | Male, Female, or Not specific. |
| Password | Plus a confirm-password field, when a password is required. |
As the customer types, the app checks the phone and email in real time. If either is already registered it says so and offers Login by SMS instead — so they don't accidentally create a duplicate.
Consent and reCAPTCHA
Two consent checkboxes sit above the submit button:
- PDPA + Merchant Terms — mandatory. The customer can't submit without ticking it. The links open your terms drawer (the text comes from your terms & conditions in Merchant Settings; an empty terms shows "This merchant has not provided any terms.").
- "I am open to accept marketing messages" — optional, and ticked by default. This is the customer's consent to receive your marketing.
A reCAPTCHA check (Google reCAPTCHA Enterprise) runs on submit to block bots. It's invisible in normal use.
Reward a complete profile
If you grant profile-completion points (loyaltyAmountProfile in Merchant Settings), the sign-up screen shows a hint — "Receive N points when fill up all details" — nudging the customer to fill in every field. See Loyalty Points.
Referrals and vouchers carried in
If the customer arrived via a referral code or a voucher link (a deep link you shared), that code is shown on the sign-up screen and carried through to their new account — so the referrer gets credited and the voucher lands in the new member's wallet. More on sharing links in Profile & Referrals.
When sign-up is blocked
Two settings can stop registration before it starts:
isAllowRegisteris off — registration is disabled entirely. There's no Create new account button, and anyone sent to the sign-up screen is turned away.isSignupTokenRequiredis on — a valid signup token (from a?token=link) is required. Without one, the customer can't register. Use this when you only want people you've invited to join.
Verifying with OTP
On a successful submit the customer goes to the OTP screen to verify they own the phone or email. They enter a 6-digit code sent by SMS or email.
- A live "expires in MM:SS" countdown runs for 10 minutes.
- When it expires, the button switches to RESEND CODE.
- The screen shows the destination — the phone number or email the code went to.
Enter the right code and the account is live — the customer drops straight into your app.
Logging in
The login screen offers whichever methods you've enabled. The default method is OTP when SMS login is allowed and your preferred type favours it; otherwise it falls back to password. The customer can switch between the offered methods.
Login methods
| Method | How it works |
|---|---|
| Password | The customer signs in with a password by mobile number, email, membership number, or car-plate number. |
| OTP by SMS or email | A one-time 6-digit code, with a 10-minute resend timer. No password needed. |
Social login with a Google account, when isLoginWith includes it. | |
| Biometric | Touch ID / Face ID via WebAuthn — a fingerprint button on the login screen. Requires biometrics set up on the device first. |
| 4-digit PIN | A short PIN the customer has set themselves. A Use PIN to login / Use password instead toggle appears only if they've created one. |
The customer enters their phone (with country code) or email (with the preferred-domain suffix dropdown) and submits. The app then routes them by what it finds:
- login — proceed to password or PIN entry.
- otp — show the 6-digit code entry.
- signup — redirect to the sign-up screen (blocked if registration is disabled).
SMS login disabled
If a customer's phone is already registered but you've turned SMS login off (isAllowSmsLogin), the app tells them to use their password instead. Make sure another method is available before disabling SMS login.
Remember me and forgotten passwords
- Remember me — a checkbox that persists the customer's phone or email and country, so they don't re-type it next time.
- Forgot password? — the customer picks Phone or Email, and a new password is sent to that channel — "New password has been sent to your phone/email!". They return to the login screen and sign in with it.
Which settings shape the login screen
| Setting | Effect on login |
|---|---|
preferredLoginType | Sets the default method and whether OTP or password leads. |
isAllowSmsLogin | Whether OTP-by-SMS (and SMS-based recovery) is offered. |
isAllowRegister | Whether Create new account shows. |
isSignupTokenRequired | Hides Create new account unless a valid token is present. |
isTermCheckOnLogin | Adds a terms-acceptance checkbox to the login screen. |
All of these live under Merchant Settings → Signup / Login. See Merchant Settings.
Quick Login in the order flow
When a customer who isn't signed in starts an order, they hit a lighter sign-in screen — Quick Login — rather than the full login page. It offers a toggle between two paths:
- Member login — OTP only here. A 6-digit code goes to the customer's phone or email (per
preferredLoginType), with a 5-minute timer. - Guest — shown only when
guestLoginTypeisn'tnone. The customer gives just a phone and/or email — exactly which depends onguestLoginType(for examplephone-required,email-required,email-optional) — and the app creates a guest session that goes straight to the order. No account, no password.
A terms checkbox appears if isTermCheckOnLogin is on. If the customer is claiming a voucher, only Member login is offered — a guest can't hold a voucher.
Guest login is a setting
The Guest option only exists when you allow it. With guestLoginType set to none, there's no guest path — the customer is sent to the full login screen to sign in or register. Set guestLoginType to suit how much friction you want before someone can order.
Claiming membership at the counter
Two flows turn a one-off customer into a full member after the fact.
Convert a guest who paid
When a guest finishes and pays for an order — at a merchant whose loyalty redeem includes the customer channel — the order screen shows a CheckMember widget. The guest enters their phone, logs in or signs up, and the receipt they just paid is assigned to the new member. The points and any rewards from that order follow them into their account.
Sign in with POS
If you created a customer's account for them at the POS, they activate it through sign-in-with-POS — a link tied to their phone number where they set a name and password to take ownership of the account. After that they log in like any other member.
The personal QR
Every member has a personal QR code they can show at your counter so a cashier can attach them to a sale by scan. It's a short-lived token — a live countdown expires it, and an expired QR shows "QR code is expired" with a refresh button. The screen also shows your logo, name, and the member's phone. This is the same code your cashiers scan in At the Counter.
What it looks like
On the login screen, the customer sees your logo and brand colour, a phone-or-email field, the method toggles you've enabled (OTP / password / Google / biometric / PIN), Remember me, Forgot password?, and — if registration is open — Create new account. A language dropdown (EN / MN / CN) and a light/dark theme toggle sit in the header.
On the sign-up screen, they see only the fields you've turned on, the two consent checkboxes, any referral or voucher carried in, the profile-points hint if you grant one, and a submit button that runs reCAPTCHA. Retail-template merchants get a card-style layout; others get a full-page form.
Related
- Customer App Overview — what the member app is and how customers move through it.
- Loyalty Wallet — points, vouchers, and credit once a customer is signed in.
- Profile & Referrals — managing the account, PINs, and sharing referral links.
- Merchant Settings — where sign-up fields and login methods are configured.
- At the Counter — scanning a member's QR and attaching them to a sale.
- Concierge — the staff-assisted side of member care.