Send a one-tap link. They land in their portal in 4 seconds.
The fastest path to put a customer in their own self-serve portal: SMS them a magic link from the customer detail page. They tap once, they're in. No password setup, no app install, no forgotten-credentials tickets to your front desk. Token is good for 30 days; lapses cleanly to a re-send. Same auth surface as the new customer mobile app login (verifyCode mints a token of the same shape).
Launching soon — get early access.
Sarah Chen
555-014-2821 · sarah.chen@hey.com
One-tap delivery. Customer lands at their portal in 4s. Token good for 30 days.
✓ Last sent 6 days ago
sarah.chen@hey.com · expires May 28
Customer opened it 3 minutes after delivery
Features, zoomed in
The parts that actually move the needle.
Three capabilities built specifically for the day-to-day of a working shop.
Deep dive · 01
One-tap send from any customer record
From the customer detail page, hit 'Send portal link' → choose SMS or email → the token is generated, hashed, stored, and delivered through the existing Twilio + Resend stack. Round-trip under 5 seconds. No PDF attachments, no email chains, no front-desk tickets when the customer can't find what you sent yesterday.
- Single 'Send portal link' button on every customer row
- Operator picks SMS or email per send
- Token generated + delivered in ~3 seconds
- Resending automatically retires the old token
Customers · 1,247
Sorted by last seen- JM2 days ago
Jordan Mendez
555-014-9120 · 2018 BMW M3
- SC6 days ago
Sarah Chen
555-014-2821 · 2024 Tesla Model Y
Choose channel
Token mints + delivers in ~3s
- KY14 days ago
Kenji Yamamoto
555-014-3309 · 2022 Porsche 911
- MW23 days ago
Marcus Webb
555-014-7741 · 2020 Ford Raptor
- RP1 month ago
Riley Park
555-014-5562 · 2019 Audi RS6
Same button on every customer row · operator picks channel per send
Deep dive · 02
What the customer actually lands on
Tapping the link drops them at /portal/<token> — no login form, no account creation, no app install. They see their own appointments, photo gallery, invoices with pay-now buttons, warranty certificates downloadable as PDFs, loyalty stamps, and vehicle service history. Token-scoped, so they only see their own data.
- Appointments with live status
- Full job photo gallery
- Invoices with pay-now buttons
- Warranty certificates as PDF
- Loyalty stamps + rewards balance
- Full vehicle service history
Sample Shop LLC · Your portal
Hi Sarah
Next appointment
Wed May 22 · 10:00 AM
Tesla Model Y · Front 2 Ceramic 70/35
📸
Photos
12 shots
🧾
Invoices
3 paid · 1 due
📄
Warranties
2 active
⭐
Loyalty
4 of 6 stamps
No login · token expires May 28
Deep dive · 03
Same auth shape as the mobile app
Token is 64-char hex, validated server-side against the customer_portal_tokens table on every request, expires in 30 days. Same output shape as the SMS-code mobile login flow — so the customer mobile app and the magic-link portal share the same token machinery underneath. Token-scoped means no auth bleed between customers, even on a shared phone.
- 64-char hex tokens
- 30-day expiry with clean rotation on resend
- Server-side validation on every request
- Token-scoped — no cross-customer leakage
- Customer can bookmark the URL until expiry
- Identical shape to mobile-app SMS-code login
🔗 Web · magic link
URL
/portal/a3f9e2c8b1...
Customer taps link → token validated → portal renders.
📱 Mobile · SMS code
6-digit code
4 8 2 · 9 1 7
Customer enters code → verifyCode() mints token → app loads.
↓ both resolve to ↓
customer_portal_tokens · 1 row
id
tok_8h2f
customer_id
cus_4d91
token_hash
sha256:9e3...
expires_at
May 28 14:02
last_used_at
4 min ago
One table · 64-char hex · 30-day expiry · server-side validation per request
What's included
The full capability list.
Everything that ships on day one. No feature-gating surprises inside a single plan.
- One-tap 'Send portal link' from customer detail page
- 30-day token expiry — auto-rotates on resend
- SMS or email delivery (operator picks per send)
- Lands at /portal/<token> — no password, no signup
- Customer sees: appointments, photo galleries, invoices, warranties, loyalty stamps, vehicle history
- Token-scoped — no auth bleed between customers
- Works for one-off jobs (no full account needed)
- Same auth surface as mobile-app SMS-code login
See every angle
A tour of the screens
Every meaningful view, the path through it, and the moments that matter — so you know exactly what you're buying.
Customer-facing portal
Lands at /portal/<token>.
Sees appointments, photo galleries, invoices, warranties, loyalty stamps. Token-scoped, no auth bleed.
Sample Shop LLC · Your portal
Hi Sarah
Next appointment
Wed May 22 · 10:00 AM
Tesla Model Y · Front 2 Ceramic 70/35
📸
Photos
12 shots
🧾
Invoices
3 paid · 1 due
📄
Warranties
2 active
⭐
Loyalty
4 of 6 stamps
No login · token expires May 28
How it works
Set it up once. Run it forever.
- 1
1. Operator sends the link
From any customer page, hit 'Send portal link' → pick SMS or email → done. Token is generated, hashed, stored, and sent via the existing Twilio / Resend stack.
- 2
2. Customer taps the link
Lands at /portal/<token>. Token is validated server-side (expiry + revocation check) before the page renders. Customer sees their own data scoped by token.
- 3
3. Token survives 30 days
Expires at +30d. Operator can resend any time (rotates the token cleanly). Customer can also bookmark the URL — works until expiry without re-auth.
How a shop actually uses this
Sample Shop LLC just finished a $1,840 ceramic coating. Mike taps 'Send portal link' on Sarah's customer page → her phone buzzes 4s later with an SMS: 'Sample Shop LLC · view your job + photos: [link]'. She taps it, sees her warranty cert, the photo gallery, and a tip jar. No account creation, no support call. Mike never had to email her a PDF.
Questions
Good to know.
- What if the customer loses the link?
- Operator hits 'Send portal link' again from the customer page. Generates a fresh token + retires the old one. Customer gets a new SMS with the new URL.
- Can two customers share a portal?
- Each portal is token-scoped to ONE customer record. To give a fleet manager access to multiple drivers' portals, use the new customer-mobile-login flow — they log in with their phone and see the customer record matching that phone.
- What about security?
- Token is 64-char hex, single-use-friendly (validated against the customer_portal_tokens table on every request), expires in 30 days. Same shape as the SMS-code mobile login output. Fine for the customer-self-serve use case; not a substitute for staff Better-Auth sessions.
Explore more
Pairs well with
Customer login
One Expo app, two login flows. Customers type name + phone, get a 6-digit SMS code, land in their own portal. Staff use email + password. Role decides which tabs they see.
Two-way SMS
Every customer conversation in one inbox. Auto-reminders run 24/7, but when they reply, a human sees it. MMS, templates, merge fields.
Warranty
Issue a PDF warranty cert at job close with film batch, install date, installer, and a registration link. Customers can open a claim from their phone.
Job Photos
Every appointment gets a photo gallery. Techs capture on mobile. Customers see a polished post-install gallery. You protect yourself from 'it was like that when you got it' claims.
Get customer portal first at launch.
Launching soon — join the waitlist for early access. At launch: 30-day free trial with full access to every feature on this page, no credit card.
Launching soon — get early access.