Plugipay
ForjioHuudisIdentityPlugipayPaymentsStorlaunchE-commerceFulkrumaFulfilmentRiplloMarketingLinkSnapShort URLsPawpadoGPU streaming
Plugipay Docs
⌘K

Sign in

This page walks through what happens when you sign in to Plugipay, what each screen does, and how to recover from the common things that go wrong.

If you're new to Plugipay and don't have an account yet, head to Sign up first.

The flow

Sign-in has up to four screens, depending on your account state:

  1. Plugipay landing page — you click Sign in.
  2. Huudis email/password screen — you enter your credentials (or click Google/Apple).
  3. MFA prompt (if enabled) — you enter a TOTP code or biometric.
  4. Plugipay dashboard — you're in.

Steps 1 and 4 are on plugipay.com. Steps 2 and 3 are on huudis.com — you'll see the domain change in your address bar. That's intentional: Huudis owns identity, Plugipay owns payment data.

Step-by-step

1. Click Sign in

The Sign in button is in the top-right of every plugipay.com page. Clicking it sends you to plugipay.com/login. From there you can choose:

  • Continue with email — the standard flow.
  • Continue with Google — available if your Huudis instance has Google OAuth configured. See Social providers.
  • Continue with Apple — same condition as Google.

If you've signed in to plugipay.com before in this browser, you'll skip the chooser and go straight to Huudis.

2. Enter credentials

On huudis.com, you'll see a form for Email and Password.

  • Email is case-insensitive.
  • Password is case-sensitive. Spaces matter.
  • Plugipay doesn't impose a length limit on passwords beyond what Huudis enforces (minimum 10 characters).

After you submit, Huudis validates the credentials. Three possible outcomes:

  • Success, no MFA — you skip to step 4.
  • Success, MFA enrolled — you go to step 3.
  • Failure — you see "Invalid email or password" with no information about which one is wrong (this is intentional, to prevent account enumeration).

3. MFA challenge (if enabled)

If you've enrolled in multi-factor authentication, Huudis prompts you for a code. Supported factors:

  • TOTP — from Google Authenticator, Authy, 1Password, etc. Six-digit codes.
  • WebAuthn — hardware security keys (YubiKey) or platform authenticators (Touch ID, Windows Hello).
  • Backup code — one of the codes you saved when you enrolled. Each code works once.

Enter the code. Huudis verifies it and proceeds.

Lost your second factor? Use a backup code. If you've used them all, contact your workspace admin — they can disable MFA on your account from the dashboard. If you're the only admin and you've locked yourself out, email hello@plugipay.com from a recognized email address.

4. Back to Plugipay

Huudis redirects your browser to plugipay.com/callback?code=…. The callback page POSTs that code to Plugipay's backend, which:

  1. Exchanges the code for tokens at Huudis.
  2. Validates the PKCE challenge it stored before redirecting you out.
  3. Signs a session cookie and sets it on your browser.
  4. Redirects you to /dashboard.

You're in. The whole thing usually takes under a second.

Workspace selection

If your Huudis identity belongs to multiple Plugipay workspaces, the first sign-in to a new browser lands you in the workspace you used last. If we can't determine that — e.g., it's a new browser and you're a member of several — we land you in your default and show a brief banner that you can switch.

The workspace switcher lives in the top-left of the dashboard. Switching is instant; we don't reload the page, just refetch the data.

"Remember me"

We don't have a "remember me" checkbox because we do it by default. Session cookies last 30 days of inactivity — you don't need to re-sign-in unless you've been away.

The cookie is httpOnly, Secure, SameSite=Lax, and HMAC-signed. It's safe to leave the browser open.

To explicitly end the session, see Sign out.

Common errors

"Invalid email or password"

The email or password you entered didn't match. We don't tell you which one for security reasons. Things to check:

  • Caps Lock is off.
  • The email is the one you used at sign-up — not an alias or another address you've added later.
  • You haven't recently changed your password (then logged in with the old one).

If you genuinely don't remember, use Forgot password.

"Email not verified"

You signed up but never clicked the verification link in the welcome email. Plugipay won't let you sign in until you've verified.

Click Resend verification on the sign-in error page. The email comes from no-reply@huudis.com — check spam if you don't see it within a minute.

"Account locked"

After too many failed attempts (we cap at 10 per 15 minutes), Huudis temporarily locks your account. Wait 15 minutes and try again. If you've genuinely forgotten your password, request a reset — that bypasses the lock.

"Too many requests"

The Huudis IdP rate-limits sign-in attempts per IP. If you're behind a NAT with many users (corporate network, shared dev machine), you may share a quota. Wait a minute and retry; the limit resets quickly.

"Apple/Google sign-in failed"

The most common cause is that the social provider isn't actually configured on this Huudis instance — the buttons should be hidden in that case but a stale browser tab can show them. Refresh the page; if the button disappears, fall back to email/password.

If the button persists but the flow errors, the provider on Huudis's side may have rotated credentials. Email hello@plugipay.com so we can re-link.

Behind the scenes

If you want to understand the protocol-level details — PKCE, state, nonce, refresh token rotation — the Authentication overview has the longer version.

Next

Plugipay — Payments that don't tax your success