> ## Documentation Index
> Fetch the complete documentation index at: https://docs-int.wingback.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Login a Customer to the Self-Serve Portal

> Create an authentication token for a customer and return a URL for accessing their self-serve billing portal.

export const IntRedir = () => {
  if (typeof document === "undefined") {
    return null;
  } else {
    setTimeout(() => {
      const currentUrl = new URL(window.location.href);
      if (currentUrl.hostname === 'docs-int.wingback.com') {
        currentUrl.hostname = 'docs.wingback.com';
        window.location.replace(currentUrl.toString());
      }
    }, 1);
    return <></>;
  }
};

<IntRedir />

<Card title="Code Example" icon="code" href="/dev/guides/billing-portal#2-validate-that-the-customer-is-logged-in-and-create-a-redirect-url-backend">
  Refer to our Billing Portal Integration Guide for more information and code examples.
</Card>

This endpoint generates an authentication token for a customer, given at least one identifier (customer ID, email, or customer reference). It returns a URL that you can provide to the customer so their browser can be redirected to the billing portal with a valid authentication token.

<Warning>
  Always perform an authorization check on your backend first and never pre-generate the secret URL, as it would otherwise expire before the customer opens it.
</Warning>

In your customer dashboard, add a "Billing Portal" button or link. This should be connected to an internal endpoint in your backend. When your customer clicks the button, verify that their login session on your application is still valid. Then, call this endpoint, providing Wingback ID (or alternatively the customer email or reference). This will return a `201` text response if successful. Finally, redirect the customer to the URL returned by the authenticate endpoint using a `302` redirect (see [example](/dev/guides/billing-portal#2-validate-that-the-customer-is-logged-in-and-create-a-redirect-url-backend)).

Once there, your customer will have access to their billing portal, where they can:

* View and update their billing information
* Manage their payment methods
* View their subscription details
* Track their current usage
* Upgrade or downgrade their plan
* View their billing history and download invoices

<ResponseExample>
  ```text Response (201) theme={null}
  https://billing.wingback.com/end-user/auth?token=67a82365-47a1-4b0b-894e-96038c01b2e0
  ```
</ResponseExample>


## OpenAPI

````yaml POST /v1/c/customer/authenticate
openapi: 3.0.3
info:
  title: wingback-api
  description: ''
  contact:
    name: ''
  license:
    name: commercial
  version: 0.1.0
servers:
  - url: http://127.0.0.1:8080
    description: Local server
  - url: https://api.app.test.wingback.com
    description: Testing server
security: []
paths:
  /v1/c/customer/authenticate:
    post:
      tags:
        - customer
      summary: >-
        Create an authentication token for a customer and for the Authentication
        URL
      description: >-
        Take a filter with at least one value among the customer id, the email
        or

        the customer reference.

        Return an url to be given to the wb_customer so their browser can
        redirect to it

        sourcing their authentication token.


        Example usage:


        Your customer should already be authenticated by you,

        using whatever method you prefer.


        In you customer dashboard you add a Billing portal button.

        When your customer clicks the button, you call this
        `/c/customer/authenticate`

        method providing either the customer email, reference or the wingback
        id, and

        then you redirect the customer to the URL returned by the authenticate
        endpoint.


        Once there, your customer will be authenticated at the billing portal.
      operationId: authenticate_customer
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/inbound.customer.AuthenticateFilter'
        required: true
      responses:
        '201':
          description: ''
          content:
            application/json:
              schema:
                type: string
              example: >-
                https://api.billing.demo.wingback.com/v1/customer/auth?token=b32ee9a3-1361-4119-9c27-06561f546bde
      security:
        - api-key: []
        - wb_user_cookie: []
components:
  schemas:
    inbound.customer.AuthenticateFilter:
      type: object
      description: A filter to select a customer to authenticate
      properties:
        email:
          type: string
          description: Find Customer by Email
          nullable: true
        id:
          allOf:
            - $ref: '#/components/schemas/Id'
          nullable: true
        reference:
          type: string
          description: Find Customer by Reference
          nullable: true
    Id:
      type: string
      description: >-
        Unique identifier of an object. Consists of object class prefix and a
        UUID
      example: Cust_c40bea18-c0c9-44b1-bd0c-43f5283e1670
  securitySchemes:
    api-key:
      type: apiKey
      in: header
      name: wb-key
    wb_user_cookie:
      type: apiKey
      in: cookie
      name: app-session

````