#arslankhalid067

👋 happy to help

but I want to restrict the acess of it.
what do you mean exactly?

Thank you @fluid vine .
By restricting access I mean that billing portal link should not be accessible from everywhere or if it is accessbile, it should be for a shortlived time.

Currently I have link opened in incognito mode from last 30 to 40 minutes and it is still accessible to me.

in all cases your customer needs to do a 2fa to access the Portal

Is there a configuration for it?

it's explained here https://stripe.com/docs/customer-management/activate-no-code-customer-portal#share

Let me check and I will get back to you.

@fluid vine - In my case what is being done is like this.

Once a customer subscribe to a plan, we show Manage Billing button to that customer and once customer hits that button we create a session for that customer using the following code,

Stripe::BillingPortal::Session.create({
customer_id: <CUSTOMER_ID>
})

It takes me to the page and there is no 2fa required for it.

Let me know if I am missing out on anything

what is shown on the customer portal session?

would you mind sharing the link?

It has the information about customer, I am sharing an example from test mode with you as personal message. will that work?

if you have the ID that would be enough

bps_xxx

I don't see ID in such format in URL. There appear to be
test_xxx

should I share that?

if you want you can also share the request ID where you created the Customer Portal Session

here's how you can find the request ID https://support.stripe.com/questions/finding-the-id-for-an-api-request

"bps_1MuD0tJZWT0QmQRZVYVa5liS"
Is this what you want?

perfect thanks

the session has expired

I am able to refresh the page and access the page in incognito mode, was it expected behaviour?

I'm not really sure

Should I share the url with you in message?

no need I have the URL

but I can't access it

the session has expired

would you mind creating a new one

and passing the new ID?

Yeah let me create a new one.

"bps_1MuDmPJZWT0QmQRZZ9HqPk16"

@fluid vine Can you please check for this? 👆

Hi! I'm taking over my colleague. Please, give me a moment to catch up.

Sure.

I'm checking one more option, please give me a moment

@warm echo - Sure, I am waiting.

There's also a login_page parameter, could you please see if this works for you? https://stripe.com/docs/api/customer_portal/configuration#portal_configuration_object-login_page-enabled

@warm echo - Please give me some time. I will be checking on it shortly and will get back to you.

Sure

@warm echo - sorry for the little delay I will check the login page configuration later on as I caught up with some other items atm. Can you please let me know the time after that session expires if I do not provide any time? Or is there a way to provide the expiry time during creating the session

I could find Shortlived URL in API documentation but could not see how much time for that shortlived URL

Hi 👋 jumping in as my teammate needed to step away. I'm not readily seeing a parameter that would allow you to set an expiration time on either the portal session or portal configuration objects.

I'm not sure offhand how long the sessions are active for, but will see what I can find.

Sure, Please let me know the time frame for expiry of the session if you can find or investigate it

This is what I'm finding about portal session durations:

Portal sessions are temporary. New portal sessions expire after a 5 minute period. If a customer uses it within that time period, the session expires within 1 hour of the most recent activity.
https://stripe.com/docs/customer-management#customer-portal-features

Sure will go through it and will get back here in case I need more assistance. Thank you everyone 🙌