Docs / The customer portal / Magic-link authentication

Magic-link authentication

How the passwordless login flow works, session duration, and troubleshooting.

5 min read · Updated Apr 22, 2026

Homeowners never set a password. They log in by tapping a link delivered via SMS or email. One tap = authenticated session.

The flow

  1. Client visits /client-login and enters their email or phone.
  2. System checks for a matching client record in any tenant.
  3. One-time magic link is generated (48-char token, 30-minute expiry).
  4. Link is sent via the matching channel (SMS if phone entered, email if email).
  5. Client taps the link. Token is validated, session created, redirected to the portal.
  6. Token is marked consumed; cannot be re-used.

Session duration

Default: 30 days on the portal. The goal is that a client never has to re-authenticate for a routine pay-an-invoice task. Shops with stricter security requirements can lower this via Settings → Security (coming Q3).

Every automated email (invoice sent, reminder, service report) contains a signed link that auto-authenticates the client when clicked. They land directly on the relevant page — no intermediate login screen. Links in email are single-tenant-scoped and expire with the underlying action (invoice link expires when invoice is paid or 90 days out).

💡
The magic-link flow is the single biggest reduction in "I can't log in" support tickets in your operation. Shops migrating from password-based portals report a ~95% drop in login-related support requests in the first 30 days.
Most commonly: the client's email address on file is wrong, or their carrier is blocking SMS from short codes. Diagnostic steps: (1) verify the client's email/phone in the owner UI. (2) Check the audit log for the magic-link issuance. (3) If issued but not delivered, try the other channel. (4) If neither works, contact support — we can issue a one-time recovery link.

Multi-tenant edge case

If a homeowner is a client at two different Servicio shops (e.g., they have a lawn service and a separate pool service), the magic-link flow will show them a tenant picker after authentication. They choose which shop's portal to enter. Session is tenant-scoped, so switching requires a new link.

Was this article helpful?

Contact support