Skip to content

The Payway account model

Target Audience: Users, Stakeholders, Developers

Introduction

In Payway(PW) the account defines a customer. Connected to an account are e.g. subscriptions and orders.

Account lifecycle states

Account lifecycle

Created state

The created state is the initial state when the account is created. In this state, the account is unusable and must be activated.

Active state

The active state is the normal state for an account. In this state, the account has access to all the functionality of Payway. Accounts are automatically activated during purchase, activation, or registration.

Archived state

If an account is archived it receives the status archived. When archived all identifying data is removed from the account. This process can be reversed from PAP if done within 30 days.

Inactive state

If an account is inactive it has no access to the functionality of Payway. An account often receives this state due to misuse. The e-mail of an inactive account cannot be used to register a new one. An account can, if need be, be reactivated in PAP.

Login disabled

An account can be marked as login_disabled to function as a "customer record" — it retains all normal account data (subscriptions, addresses, orders, etc.) but cannot be used for authentication.

An account with login_disabled = true:

  • Can be created, updated, and have subscriptions as normal
  • Cannot log in via SSO, password grant, or any other authentication method
  • Cannot receive access tokens or delegated tickets from the authorization server
  • Cannot use the "forgot password" functionality (no email is sent)
  • Cannot use one-time passwords (OTP)

This differs from the inactive state in that an inactive account is typically the result of misuse and blocks access to Payway functionality, while login_disabled is intended for accounts that represent customers without login capabilities — for example, imported customer records from external systems.

The login_disabled flag defaults to false, meaning no existing accounts are affected. The flag must be explicitly set via the API or in PAP.

The login disabled status of an account can be viewed and toggled in PAP under Customer details.

Account verification

Account verification is a substate independent of the lifecycle states above. It indicates that the account owner has confirmed their email address. This feature can be enabled or disabled per organisation — contact support for more information.

When account verification is enabled, the customer will receive a verification email during account registration via API, PCP or PAP. The email contains a link that the customer follows to confirm their email address. Once confirmed, the account is marked as verified. An account will automatically be verified during a purchase or activation.

If the feature is disabled, accounts are automatically verified upon creation.

The verification status of an account can be viewed in PAP.