Send client login details, not invoice password

Hello everyone,

I would like to know if its possible to send clients their actual login if no password has been set, instead of the single password for invoices.

The problem is:
The clients get a password in the first email, they are able to login and pay the invoice but the password won’t be shown in the next invoice, so they will probably forget it (yearly invoices).

What I would like is:
Send the client a login (and one time password) for /client/login and prompt them to change their password, and have the “show invoice” button in the email be the /client/login link.

Is this possible? I am on the self-hosted Invoiceninja, version 4.2.2

ps: where are all the variables listed for emails, I couldnt find them

Kind regards,


Or a different idea would be to prompt the client to change the generated password, and set the /client/login password the same.

The confusing part is that once you’ve tried to login to the /client/login via the URL the page will ask you for the invoice password, instead of the client login… at the same URL, even if you visit it at a later time

Try this:

  1. Activate the dashboard for clients, and password protect (and generate) the invoices
  2. Set up a new client without a password
  3. Create a new invoice under that client and send it
  4. Login via the URL in the email, and the password in the email
  5. “pay it”
  6. Log out of the account and imagine some time passing
  7. Get a new invoice, and not know the password because its not in the email
  8. Press “lost password”, and get a password reset for your client login
  9. “pay it”
  10. Log out/get logged out and imagine some time passing
  11. Get a new invoice, click the link, see only the “password” box pop up, try loggin in with the password you set in step 8 and see it’s not valid

Repeat step 8-11

We store the password using a one-way encryption, it isn’t possible to send it after after its been generated.

You can see the full list of email variables by clicking the question mark to the right of the subject input.

I’m not sure what you mean by ‘invoice password’ vs ‘actual login’, these should both be the same.

It is good that it can not be sent again, I just noticed I must have done something wrong because it does work

Client login: /client/login with email and password input
Invoice login: /client/login with only the password input

It is confusing that when you logout after logging in with the client login, you get the invoice password login.
Is there a way to always force the “Client login” instead of the “Invoice login”, and force users to change their password at first login? That would be amazing :slight_smile:

This isn’t currently supported but feel free to create an issue on GitHub