Context
This article provides an overview of the different methods through which your Customers can authenticate and log in to Mobile and Web Apps in the MENU Ecosystem.
Setup level
The authentication process for Customers on your Mobile & Web Apps needs to be set at the Brand level, upon Brand creation in CMS.
Available methods
Here are the ways to authenticate:
- Email & Password [this is now deprecated]: Customer enters email and password to authenticate
- Email (Passwordless) [recommended]: Customer starts their sign-in process by providing their email and receives an authentication link and/or a code to sign up and log in
- Phone number: Customer starts their sign-in process by providing their phone number and receives a code to sign up and log in through SMS
Why is there a choice?
We want to let you choose the Customer authentication method that will suit you best. Also, we want to enable you to provide your Customers with a sign-in process that is not only familiar to them, but also fits the standards of the given market.
Having that in mind, remember to consider these:
- Method: decide whether your Brand wants to validate the Customer's email or phone number using an OTP (one-time password). With email authentication, Customers will need to confirm that they actually own the provided email address by entering the one-time password that is sent to that email; with phone number authentication, the Customer's phone number will be validated in the same way
- Costs: while sending an email is free, phone number authentication will generate additional costs for the Brand since every one-time-password (which is sent on Customer registration, log-in and phone number update) needs to be sent through SMS
- Market standard: in some markets creating a profile with your phone number is more common than creating it using an email address, so Customers feel more comfortable with this approach and it makes integration with other platforms (for example Aggregators through MENU Link) easier
How do I set it up?
Requirements
- Customer authentication method needs to be selected in the Add new Brand modal when adding the new Brand to CMS; however, this functionality will move to MC in the future
- Customer authentication method that the Brand is using can’t be changed later on a self-service basis. In some cases this will be possible but it will require involvement of our Development Team
- Additional configurations of Customer authentication methods are available on the Brand level in Management Center. You can access them at the following location: Brand > Configurations > Customer Configurations
Please note: since old versions of the Mobile App (before v4.32.0) are not able to support the newly introduced configurations, this control is not yet available for clients in MC, but they can be enabled by the MENU Development Team in combination with the Mobile App Force Update functionality
One more thing: email, contrary to phone authentication, has 3 additional configuration fields:
- Require phone number - if this switch is enabled, the Customer will be required to add their mobile phone number on registration or, if the switch was enabled after they registered, the next time they open the app
- Unique phone number - Users will not be able to use the same phone number on multiple accounts. Please note that when enabled, this switch won’t affect Customer accounts that already have the same phone number added to their accounts, but it will prevent new accounts from using the phone number that already exists in the system
- Require password - this switch should be enabled only for Brands that are using MENU Web App for ordering in combination with Punchh. If enabled, a password will be required during the User registration. This password is sent to the Punchh platform for account creation and will be used to log in to the Punchh app
Authentication Flows
Now, let's take a look at how it works. We've grouped flows corresponding to all methods for you here.
Email
The most important characteristic of this method is that the Customer sign-in process starts by providing an email which must be verified during that process. This method doesn’t support phone number verification using OTP.
Here's an example sign-in flow:
Phone
The most important characteristic of this method is that the Customer sign-in process starts by providing a phone number which must be verified during that process. This method doesn’t support email verification using OTP.
Since we still need the Customer's email as the main operational communication channel and we’re relying on email as the main Customer identifier in different places in our system, the Customer email will still be required in the registration process.
Here's an example sign-in flow:
Please note:
SMS cost for sending OTP in sign-up, sign-in, and Customer phone number update will be charged to the Brand through our Billing platform.
To reduce unnecessary costs we’ll introduce a mechanism that will make Customers wait for some time until they can request another code. After the first try, the countdown will start from 30s and it will increase up to a maximum of 300s for repeated tries.
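The escalating resend countdown described above, sketched as an added example (not MENU's code): the 30s start and 300s cap come from this article, while the doubling step, the one-hour reset and all names are assumptions.

```python
INITIAL_WAIT_S = 30    # from the article: countdown starts at 30s
MAX_WAIT_S = 300       # from the article: maximum of 300s
GROWTH_FACTOR = 2      # assumption: the article does not state how the wait grows
RESET_AFTER_S = 3600   # assumption: quiet period after which the countdown resets


class OtpResendLimiter:
    """Per-recipient escalating cooldown applied before any OTP SMS is sent."""

    def __init__(self):
        # recipient -> (time of last sent code, wait currently enforced)
        # The recipient key is assumed to be normalised already (e.g. E.164).
        self._state = {}

    def request_code(self, recipient, now):
        """Return (allowed, seconds until the next request will be allowed)."""
        state = self._state.get(recipient)
        if state is not None and now - state[0] >= RESET_AFTER_S:
            state = None  # long silence: start again from the initial wait
        if state is None:
            self._state[recipient] = (now, INITIAL_WAIT_S)
            return True, INITIAL_WAIT_S
        last_sent, wait_s = state
        remaining = last_sent + wait_s - now
        if remaining > 0:
            # Denied: no SMS is sent and the running countdown is not extended.
            return False, remaining
        next_wait = min(wait_s * GROWTH_FACTOR, MAX_WAIT_S)
        self._state[recipient] = (now, next_wait)
        return True, next_wait


def simulate(times, recipient="+10000000000"):
    """Replay request timestamps (seconds) for one constructed recipient."""
    limiter = OtpResendLimiter()
    return [limiter.request_code(recipient, t) for t in times]


if __name__ == "__main__":
    for t, result in zip([0, 10, 30, 90, 210, 450, 750, 760],
                         simulate([0, 10, 30, 90, 210, 450, 750, 760])):
        print(t, result)
```

The limiter has to run server-side, before the SMS gateway call, for the countdown shown in the app to actually bound the Brand's SMS spend.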
Social Sign-in
This method relies on your Customers' social media accounts to facilitate logging in. Upon selecting either Apple or Facebook login, the Customer will go through the same steps as in the Phone Number Authentication flow. However, this option is available for both Phone and Email Authentication, because the data for both of them can be pulled from the social media account the Customer has chosen.