ForjioHuudisIdentityPlugipayPaymentsStorlaunchE-commerceFulkrumaFulfilmentRiplloMarketingLinkSnapShort URLsPawpadoGPU streaming
Storlaunch Docs
⌘K

Sign in

This page walks through what happens when you sign in to Storlaunch, what each screen does, and how to recover from the common things that go wrong.

If you're new to Storlaunch and don't have an account yet, head to Quickstart first — sign-up and sign-in share the same screens.

The flow

Sign-in has up to four screens, depending on your account state:

  1. Storlaunch landing page — you click Sign in.
  2. Huudis email/password screen — you enter your credentials (or click Google/Apple).
  3. MFA prompt (if enabled) — you enter a TOTP code or biometric.
  4. Storlaunch dashboard — you're in.

Steps 1 and 4 are on storlaunch.forjio.com. Steps 2 and 3 are on huudis.com — you'll see the domain change in your address bar. That's intentional: Huudis owns identity, Storlaunch owns commerce data.

Step-by-step

1. Click Sign in

The Sign in button is in the top-right of every storlaunch.forjio.com page. Clicking it sends you to storlaunch.forjio.com/login. From there you can choose:

  • Continue with email — the standard flow.
  • Continue with Google — available if your Huudis instance has Google OAuth configured.
  • Continue with Apple — same condition as Google.

If you've signed in to storlaunch.forjio.com before in this browser, you'll skip the chooser and go straight to Huudis.

2. Enter credentials

On huudis.com, you'll see a form for Email and Password.

  • Email is case-insensitive.
  • Password is case-sensitive. Spaces matter.
  • Minimum 10 characters — Huudis enforces this; Storlaunch doesn't impose extra rules.

After you submit, Huudis validates the credentials. Three possible outcomes:

  • Success, no MFA — you skip to step 4.
  • Success, MFA enrolled — you go to step 3.
  • Failure — you see "Invalid email or password" with no information about which one is wrong (this is intentional, to prevent account enumeration).

3. MFA challenge (if enabled)

If you've enrolled in multi-factor authentication, Huudis prompts you for a code. Supported factors:

  • TOTP — from Google Authenticator, Authy, 1Password, etc. Six-digit codes.
  • WebAuthn — hardware security keys (YubiKey) or platform authenticators (Touch ID, Windows Hello).
  • Backup code — one of the codes you saved when you enrolled. Each code works once.

Enter the code. Huudis verifies it and proceeds.

Lost your second factor? Use a backup code. If you've used them all, contact your workspace admin — they can disable MFA on your account from the dashboard. If you're the only admin and you've locked yourself out, email hello@storlaunch.forjio.com from a recognized email address.

4. Back to Storlaunch

Huudis redirects your browser to storlaunch.forjio.com/callback?code=…. The callback page POSTs that code to Storlaunch's backend, which:

  1. Exchanges the code for tokens at Huudis.
  2. Validates the PKCE challenge it stored before redirecting you out.
  3. Signs a session cookie and sets it on your browser.
  4. Redirects you to /dashboard.

You're in. The whole thing usually takes under a second.

Workspace selection

If your Huudis identity belongs to multiple Storlaunch workspaces, the first sign-in to a new browser lands you in the workspace you used last. If we can't determine that — e.g., it's a new browser and you're a member of several — we land you in your default and show a brief banner that you can switch.

The workspace switcher lives in the top-left of the dashboard. Switching is instant; we don't reload the page, just refetch the data.

"Remember me"

We don't have a "remember me" checkbox because we do it by default. Session cookies last 30 days of inactivity — you don't need to re-sign-in unless you've been away.

The cookie is httpOnly, Secure, SameSite=Lax, and HMAC-signed. It's safe to leave the browser open.

Buyer sign-in (storefronts)

The flow above is for merchants — the people running storefronts. Buyers visiting a storefront have a separate, lighter sign-in:

  • OTP via email or phone. The storefront's checkout page offers "Sign in to track your orders". Storlaunch sends a 6-digit code; the buyer enters it; a buyer session cookie is set.
  • No password ever. Buyers never have a Storlaunch password — the OTP is the credential. Phone-based OTP uses Huudis's WhatsApp Business integration when available, falling back to SMS.
  • Buyer session is separate from the merchant session. A buyer who is also a merchant signs in once for each side — the two cookies coexist.

This is documented separately under Portal → Storefront → Buyer accounts (coming soon).

Common errors

"Invalid email or password"

The email or password you entered didn't match. We don't tell you which one for security reasons. Things to check:

  • Caps Lock is off.
  • The email is the one you used at sign-up — not an alias or another address you've added later.
  • You haven't recently changed your password (then logged in with the old one).

If you genuinely don't remember, use Forgot password.

"Email not verified"

You signed up but never clicked the verification link in the welcome email. Storlaunch won't let you sign in until you've verified.

Click Resend verification on the sign-in error page. The email comes from no-reply@huudis.com — check spam if you don't see it within a minute.

"Account locked"

After too many failed attempts (we cap at 10 per 15 minutes), Huudis temporarily locks your account. Wait 15 minutes and try again. If you've genuinely forgotten your password, request a reset — that bypasses the lock.

"Apple/Google sign-in failed"

The most common cause is that the social provider isn't actually configured on this Huudis instance — the buttons should be hidden in that case but a stale browser tab can show them. Refresh the page; if the button disappears, fall back to email/password.

Behind the scenes

If you want to understand the protocol-level details — PKCE, state, nonce, refresh token rotation — the Authentication overview has the cross-product summary.

Next