Giving customers storefront access

Your storefront is a hosted per-distributor login portal at /store/{your-slug}. Every customer who wants to order from you logs in there.

URLs to share

Your slug lives in Settings → Company. Once set, your customer-facing URLs are:

URL                             What it does
/store/{slug}                   Landing page — links to login and register.
/store/{slug}/register          New customer sign-up.
/store/{slug}/login             Existing customer log in.
/store/{slug}/setup-password    One-time password setup for contacts you've invited.
/store/{slug}/catalog           Product catalog (requires login).
/store/{slug}/orders            Order history for the logged-in customer.
/store/{slug}/account           Profile and addresses.

The slug is URL-safe and set once — we can help you change it if needed, but it ripples through any bookmarks your customers may have.

Your dashboard is on a different URL (/dashboard/...) and uses a separate session. Staff and customers never share a login — they hit completely different auth flows.

How login works

On /store/{slug}/login the customer enters email and password. Distribu tries two lookups in order:

  1. Primary customer login — does a customer with this email exist in your company, and does the password match? If yes and the status is ACTIVE, they're in.
  2. Contact login — if the primary check fails, Distribu looks for a contact with this email under any customer in your company. The contact must be active and the parent customer must be ACTIVE. If the password matches, the contact logs in under the parent customer.

A blocked primary customer who gets the password right still sees:

"Your account has been suspended. Please contact the store for details."

Wrong password — either case — gets the generic "Invalid email or password." so we don't leak which accounts exist.
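
The two-step lookup above, as an added example (a sketch written for this page, not Distribu's code). The sample accounts, function names and PBKDF2 hash are assumptions. So are the dummy-hash step, which keeps unknown emails from returning faster than known ones, and the message shown to contacts of a blocked customer.

```python
import hashlib, hmac, os

GENERIC = "Invalid email or password."
SUSPENDED = "Your account has been suspended. Please contact the store for details."

def make_cred(password, salt=None):
    # PBKDF2 is a stand-in; the page does not say which password hash is used.
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def check_pw(cred, password):
    return hmac.compare_digest(cred[1], make_cred(password, cred[0])[1])

DUMMY = make_cred("unused")  # verified on unknown emails so a miss costs one hash too

# Constructed sample data for a single company (not real accounts).
CUSTOMERS = [
    {"id": 1, "email": "buyer@acme.test", "status": "ACTIVE", "cred": make_cred("pw-buyer"),
     "contacts": [{"email": "clerk@acme.test", "active": True, "cred": make_cred("pw-clerk")}]},
    {"id": 2, "email": "owner@shut.test", "status": "BLOCKED", "cred": make_cred("pw-owner"),
     "contacts": [{"email": "staff@shut.test", "active": True, "cred": make_cred("pw-staff")}]},
]

def login(email, password, customers=CUSTOMERS):
    """Return (customer_id, message); customer_id is None when login is refused."""
    hashed = False
    # Lookup 1: primary customer with this email in the company.
    primary = next((c for c in customers if c["email"] == email), None)
    if primary:
        hashed = True
        if check_pw(primary["cred"], password):
            if primary["status"] == "ACTIVE":
                return primary["id"], "ok"
            return None, SUSPENDED  # shown only after the correct password
    # Lookup 2: contact with this email under any customer in the company.
    for parent in customers:
        for contact in parent["contacts"]:
            if contact["email"] != email:
                continue
            hashed = True
            if (check_pw(contact["cred"], password) and contact["active"]
                    and parent["status"] == "ACTIVE"):
                return parent["id"], "ok"  # session belongs to the parent customer
    if not hashed:
        check_pw(DUMMY, password)  # added hardening, not described on the page
    return None, GENERIC  # assumption: contacts of a blocked customer get the generic text
```
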

Session duration

A successful login writes an httpOnly, cryptographically signed session cookie called customer_session. It's valid for 7 days. After that, the customer is redirected back to the login page.

There's no "remember me" checkbox — every session is 7 days, period. If you want shorter, we can make it configurable — email us.

Logging out

A logout button in the storefront header clears the cookie immediately, so the customer has no way to present it on future requests.

Blocking a customer

From the customer detail page, click the status toggle in the header to flip from Active to Blocked. The change takes effect immediately:

  • Any future login attempt returns the "suspended" message.
  • Existing sessions keep working until expiry (up to 7 days). We check the status on login, not on every request.
  • Existing orders are untouched — they keep their full history, and you can still view and update them from the dashboard.
  • Customer contacts can't log in either — the contact login path requires the parent customer to be ACTIVE.

To unblock, flip the toggle back to Active. Every status change writes an audit log entry with the from and to values.

To fully cut access immediately, block the customer, then remove every contact under them. Contact sessions become invalid as soon as the contact is deleted; primary-customer sessions expire naturally within 7 days.

What blocked customers still see

A blocked customer who still has a valid session cookie won't notice until it expires — they can still browse, add to cart, and in theory place an order. This is an edge case we accept because the alternative (re-checking status on every single request) noticeably slows the storefront.

If you need a blocked customer's session gone right now, email support@distribu.app — we can purge the session on our end.

Password reset

There's no self-serve password-reset email flow in the dashboard UI today. If a customer forgets their password:

  1. They click Forgot password? on the login page, which sends them a reset email.
  2. The email has a short-lived token link back to your storefront.
  3. They pick a new password and are logged straight in.

Reset emails go through the same sender as your order-confirmation emails. If a customer says they never received one, check their spam folder and verify the email on their customer record is correct.

Contacts have their own paths

See Customer contacts for the full invite flow. The short version:

  1. You add the contact at /dashboard/customers/{id}.
  2. You send them the URL /store/{your-slug}/setup-password.
  3. They set a password there and are redirected to login.
  4. They log in at /store/{your-slug}/login like any other user.

After the first setup, they behave exactly like a primary customer would — 7-day sessions, same logout, same reset flow.


That wraps up the Customers section. Next up: Orders covers the order lifecycle — placement, statuses, fulfillment, and invoices.