Customer Website Authentication

Introduction

LoanPro offers a pre-built customer website. While this website is not an optimal solution for all lenders, it can be configured and deployed quickly to give lenders the option of providing borrowers an online portal where payments can be made, loan information can be viewed, and personal information can be updated.

Some lenders choose to customize their own customer portal beyond the standard configuration offered by LoanPro. There are three primary ways that lenders customize or provide a customer portal, and this article will cover the basics of how those options are implemented.

Authentication Options

Here are the available authentication options for your customer portal.

Option 1: Customer Portal Out-of-the-Box

Implementing the pre-built customer portal is really simple. All our customer portal sites are hosted at the loanpro.software domain. A company-specific site will include a prefix (e.g. yourcompany.loanpro.software).

Authentication through the standard portal can be set up directly inside of the admin view of LoanPro.

Option 2: Embedded Login

LoanPro also offers a way to embed the login for the customer portal site into another website. This is done either through an iframe or through the LoanPro API. This gives the flexibility of making the login area and fields look like the rest of the site in which they are embedded.

Doing this is relatively simple, as credentials to access the site can still be managed from LoanPro. Credentials and access management features include:

  • Username and password creation
  • Username and password reset
  • Defining access to data and features once logged in

This option requires some amount of expertise in HTML and/or using the LoanPro API. It will also require that developers have access to make changes to the site into which the login will be embedded.

Option 3: Building Your Own Portal

This is the most customizable option, but is also the most difficult to accomplish. This option requires that you build your own website infrastructure and appearance and use the LoanPro API to retrieve data and make changes to the customer's account. To accomplish this, you would need your own development team and the ability to host your own website.

This method also requires a bit of decision-making. Clients who build their own customer portal often have questions about authentication and credentials management. There are two options for authentication:

  • Use the LoanPro authentication endpoint and let LoanPro manage credentials
  • Manage your own authentication

The pros and cons of both options are discussed in the following sections. It's important to stress that building your own portal is going to require some additional work. You'll need to develop middleware of some sort that manages how you handle authentication. The authentication credentials that are input into your custom portal will need some way to match those in LoanPro. Whether that means using a token from an authentication response or using a separate method, your portal will need middleware to facilitate the way it interacts with LoanPro.

LoanPro Authentication

You can allow your customers to use the credentials created by LoanPro to log in to a customer portal you create. The following basic steps are required to do this:

  1. Create a login form that gathers username and password.
  2. When the login form is submitted, call the LoanPro customer authentication endpoint to see if the credentials are valid.
  3. Handle the success (200) or failure (401) responses to either grant or deny access to customer data
  4. Use the customer id, returned with a 200 response, to get data for the correct customer through the LoanPro API

The endpoint for this call is as follows:

POST https://loanpro.simnang.com/api/public/api/1/tenants({tenantId})/customers/authenticate

The payload should look something like the following:

{
"username":"jdoe",
"password":"johnq1!",
"logout":"https://google.com"
}

For more information on the use of this endpoint, take a look at this article about creating a dedicated login page.

The benefits of doing things this way are:

  • You can use LoanPro to manage credentials
    • Assign usernames
    • Generate passwords
    • Reset passwords
Manage Your Own Authentication

To manage your own authentication, you will be required to:

  • Keep a database of usernames and passwords
  • Create a way to add users and set usernames
  • Ensure that each set of credentials is correctly associated with a customer in LoanPro
  • Build a password-reset function

When you manage your own authentication, the basic process is as follows:

  1. Customer signs up to use your portal and creates a username and password
  2. The credentials are saved to a database (not hosted or provided by LoanPro), which associates then with the user's LoanPro ID and possibly other information
    1. This may be done by using a unique identifier for the user (e.g. email address) to query LoanPro to find the user's ID and add it to the database
  3. When the user logs in, they will enter their credentials, which should be compared against your database to authenticate the user
  4. If the user loses their credentials, reset functionality should be built

Managing your own authentication offers a few advantages. You can view, set, and reset user credentials; those credentials can be shared for a single login on any middleware or applications you control; and you ultimately have far greater flexibility, limited only by what you can program.

The drawback is that you will be responsible for creating all of your authentication and authentication-related features.


How did we do?


Powered by HelpDocs (opens in a new tab)