Skip to main content
ShadhinPay Docs

Account & security

Manage your profile, password, two-factor authentication, active sessions, and closing your account.

Your account settings live in the dashboard. This page covers keeping your account secure and managing its lifecycle.

Profile

You can update your full name, address, and country at any time. Changing your phone or email requires confirming the change:

  • Phone — we send an OTP to the new number; the change takes effect once you verify it.
  • Email — we send a confirmation link to the new address (and a heads-up to the old one); clicking the link completes the change.

Both changes require re-entering your password, and they sign you out everywhere as a security precaution.

Password

Change your password from the security settings. New passwords must be 12–128 characters, mix at least three character types, and can't reuse your last five passwords or match a known-breached password. Changing your password signs out all your other sessions.

Two-factor authentication (2FA)

Two-factor authentication adds a second step at login and is required for sensitive actions:

  • Creating, rotating, or revoking API keys
  • Setting or changing a webhook URL, or rotating its signing secret
  • Changing your payout bank account
  • Approving large payouts
  • Closing your account

Set up 2FA with an authenticator app (TOTP). When you enroll you'll get 10 single-use recovery codes — store them safely; they're your way back in if you lose your device. SMS-based codes are available as a fallback. You can regenerate recovery codes or disable 2FA from security settings (both require confirmation).

Staying signed in for sensitive actions

After you complete a 2FA check, you have a short window where you can perform sensitive actions without re-entering a code. Once it lapses, the dashboard prompts you again.

Active sessions

If you suspect someone else has access, use Sign out everywhere to invalidate every active session immediately. You'll need to log in again on each device.

Closing your account

You can request account closure from settings (it requires your password and a 2FA check). For your protection, closure is blocked while you have unfinished business, such as:

  • A positive balance still owed to you
  • Payments that are still in progress
  • Refunds that haven't completed
  • Webhooks that haven't been delivered

Resolve those first — withdraw your balance, let in-flight payments finish — then close. When you close, your businesses are disabled, API keys revoked, webhooks turned off, and all sessions ended. Records are retained for the period required by regulation.

Next steps

Analytics & exports

Read your dashboard metrics, set up alerts and notifications, export your data, and toggle sandbox data.

On this page

ProfilePasswordTwo-factor authentication (2FA)Active sessionsClosing your accountNext steps