Skip to main content

Self-service onboarding

⚠️ Default: disabled. Keep this flow off in most production environments. Enable it only for demos, sandboxes, or tightly controlled programs.

Self-service onboarding illustration

What happens when it is enabled

  1. Visitors open /onboarding and submit their name, email, and organization.
  2. They confirm the terms of service and receive a verification email.
  3. After confirming, Open Mercato provisions a tenant + organization, seeds demo CRM data, and creates an admin user for the submitted email.
  4. Administrators receive an email notification with the details so they can monitor new sign-ups.

Environment variables

Self-service onboarding activates only when all of these values are present:

SELF_SERVICE_ONBOARDING_ENABLED=true
RESEND_API_KEY=your_resend_api_key
EMAIL_FROM=no-reply@your-domain.com
APP_URL=https://your-domain.com
ADMIN_EMAIL=ops@your-domain.com
  • SELF_SERVICE_ONBOARDING_ENABLED – explicit opt-in toggle (defaults to false).
  • RESEND_API_KEY – used to send verification emails via Resend.
  • EMAIL_FROM – sender address visible to the recipient.
  • APP_URL – public base URL used to build verification links.
  • ADMIN_EMAIL – receives a notification each time someone submits the form.

Restart the app after changing environment variables.

User experience FAQs

  • Duplicate email – If the email already exists in Open Mercato, the flow ends with a message prompting the user to sign in or reset the password.
  • Spam protection – If a pending request exists from the last 10 minutes, the requester is asked to wait before trying again.
  • Roles – The verified user receives the admin role. Superadmin privileges are not granted automatically.

Enabling and disabling

  • Enable by setting the variables above and restarting the app. A green “Start onboarding” card appears on the home page when configuration is valid.
  • Disable by setting SELF_SERVICE_ONBOARDING_ENABLED=false. The /onboarding endpoint rejects submissions (HTTP 404) and the home-page CTA disappears. Active verification links continue to work so in-flight signups can finish.

When to use it

Use self-service onboarding for demos or sandbox environments where automated tenant creation is helpful. For production systems where each customer must be vetted, keep the flag disabled and onboard organizations manually through the directory module.