Cabinet overview

The partner cabinet is a self-service web portal at /partner/login. It is a web view of the same data the API exposes: order history, keys, payout history. The cabinet does not replace the API. Both consume the same partner record and the same backend state.

What lives there

• /partner/login: email and password sign-in. If you lose your apiSecret, the operator can issue a one-time password reset. You log into the cabinet and rotate via the UI (same primitive as /v1/keys/rotate).
• /partner/dashboard: aggregate view of total orders, lifetime volume, current rate-limit budget, current afftax, reference-codes count.
• /partner/orders: paged order list with the same partner-facing status vocabulary as /v1/order. Soft-deleted orders are filtered out exactly as in the API.
• /partner/keys: rotate apiSecret and webhookSecret from the browser, and manage reference codes (create, list, enable and disable) through the same backend as /v1/codes.
• /partner/payout-history: every period the operator has marked as paid, with the total USD figure and any reference string attached to the transfer.

Authentication model

Email and password sign-in (passwords hashed at rest). Signed, HTTP-only session cookie scoped to /partner, short absolute lifetime with rolling refresh on active sessions. Sign-in is rate-limited per IP and per email. Failed attempts and unknown emails return the same response (no user enumeration). The lock is fail-closed: if our session backend is unreachable, the form denies.

Sign in

Head to /partner/login with the credentials the operator provisioned for you. New partner records arrive without a cabinet password by default. Ask your onboarding contact to enable cabinet access if you have not received an initial password.