Velo: Backend Signup and Login

When creating a Member Signup Form for your Members Area, there are 3 types of forms to choose from: Default, Custom, or Velo Form. Visitors first sign up for, and then log into, your site using these forms. 

With the Custom form, you can customize aspects of the form such as the title, fields, background, and submit button.

However, with the Velo Form, you get even more customization options by writing code with the Signup and Login APIs.

Here are some reasons you might want to use a Velo form with code:

  • Check password strength
  • Only allow visitors from certain domains to sign up
  • Run your own validations, in addition to "out-of-the-box" validations
  • Add extra fields and store their values in some collection
  • Set up two-factor authentication (2FA) with code and/or an integration package, such as the Twilio package

Security Implications

Signup and login processes necessitate the transfer of sensitive information, such as passwords and tokens. 

Sensitive code typically runs in the backend. Code that runs in the frontend may carry security risks.

We recommend that when working with Velo forms, your signup and login API calls run on the backend. 
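The following added example (not code from the original article or from Wix) sketches backend-side signup checks for two of the ideas listed above: restricting signup to certain domains and checking password strength. The domain list, the password policy, the error codes, and the injected `register` parameter are assumptions; in a Velo backend file, `register` would be `authentication.register` from `wix-members-backend`.

```javascript
// Added example: server-side checks to run before the signup call.
// Assumptions: ALLOWED_DOMAINS, the password policy, the error codes, and the
// injected `register` function (authentication.register in a Velo backend file).
const ALLOWED_DOMAINS = ['example.com', 'example.org']; // constructed values
const MIN_PASSWORD_LENGTH = 12;

function emailDomain(email) {
  if (typeof email !== 'string') return null;
  const trimmed = email.trim().toLowerCase();
  const at = trimmed.lastIndexOf('@');
  // Reject a missing local part, a missing domain, or more than one "@".
  if (at <= 0 || at === trimmed.length - 1 || trimmed.indexOf('@') !== at) return null;
  return trimmed.slice(at + 1);
}

function validateSignup(email, password) {
  const errors = [];
  const domain = emailDomain(email);
  if (domain === null) errors.push('invalid-email');
  else if (!ALLOWED_DOMAINS.includes(domain)) errors.push('domain-not-allowed');

  if (typeof password !== 'string' || password.length < MIN_PASSWORD_LENGTH) {
    errors.push('password-too-short');
  } else {
    // Require at least 3 of 4 character classes.
    const classes = [/[a-z]/, /[A-Z]/, /[0-9]/, /[^A-Za-z0-9]/]
      .filter((re) => re.test(password)).length;
    if (classes < 3) errors.push('password-too-simple');
    // Reject passwords that embed the local part of the address.
    const local = typeof email === 'string' ? email.split('@')[0].trim().toLowerCase() : '';
    if (local.length >= 3 && password.toLowerCase().includes(local)) {
      errors.push('password-contains-email');
    }
  }
  return errors;
}

// Returns only a status and error codes; the password is never echoed or logged.
async function backendSignup(register, email, password) {
  const errors = validateSignup(email, password);
  if (errors.length > 0) return { ok: false, errors };
  try {
    await register(email.trim().toLowerCase(), password);
    return { ok: true, errors: [] };
  } catch (err) {
    // Generic code: provider error details are not forwarded to the page.
    return { ok: false, errors: ['signup-failed'] };
  }
}
```

Because the validation runs before `register` is called, a request that skips the form's client-side checks is still rejected on the backend.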

Restrict Signup & Login Calls to the Backend

To restrict signup and login calls to the backend and prevent exposure of sensitive details, set up the following:
  1. The signup and login forms are part of the Members Area on your site. Add a Members Area to your site to create a custom Velo signup form with a lightbox.
  2. Turn on Velo Dev Mode.
  3. Create and select the Velo form. Make sure that both the signup and login forms on your site are set to Velo Form.
  4. In the Settings panel for either form, select Advanced Settings and enable the Only allow backend calls for Signup and Login APIs setting. Note that changes take place immediately.

When the Only allow backend calls for Signup and Login APIs toggle is on:  

  • All signup/login API calls run in the backend only, where sensitive data, such as passwords, is more secure.
  • Default and Custom form APIs don't work. These forms must run on the frontend. Changing the setting on a form from Velo Form to Default or Custom will automatically turn off the Only allow backend calls for Signup and Login APIs setting.