Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


Automatic Password Management


Out of the box YC provides automatic password management. This means that there is no option for customer or business user to change their password, they can only reset the password.



As depicted on on the diagram in the overview section in automatic mode customer receives their initial password when they register in shop. The password is automatically generated and send via email. Password can be included using the password variable in email templates.

Thereafter customer has the option to reset their password from the account using reset password button, which results in password reset link being sent to their email. Alternatively if they forgot their password they can use the forgotten password form to trigger this email. If the shop does not provide a forgotten password functionality customer has option to contact call centre and business user with access to customer accounts can trigger password reset from the admin application. In version 3.5.0+ the origin of the request can be established using additionalData.callCentrePasswordReset.

Business user


As admin application is restricted to organisation users the password management is somewhat simplified. Upon new user creation business users receive email with their password specified in a similar way customers do. The password can be reset by business users with user management role which triggers an email with new password.


User Controlled Password Management 


this feature is available in versions




Starting from version 3.5.0 password management can be setup to be fully controlled by business user thus providing flows to allow both customers and business users to change the password. 


For call centre initiated password resets there are two options. If shop attribute  SHOP_CUSTOMER_PASSWORD_RESET_CC is set (which represents the business user customer password reset token) this will still trigger the auto generated password flow. Thus it is recommended to leave this value empty when this mode is enabled. Alternatively you can use a condition statement in email templates to distinguish between two types of password resets.

Code Block
<% if (additionalData.callCentrePasswordReset) { %>
Your new password is: <b>$password</b>
<% } %>