Settings
Configure your Hygate workspace — integrations, security, branding, and team management.
Overview
The Settings module is where you configure every aspect of your Hygate workspace. Only administrators have full access to Settings. Operators can access only the General tab to change their own password.
General
Global application settings that apply across all modules.
| Setting | Description | Default |
|---|---|---|
| Company Name | Displayed on guest payment pages and emails | — |
| Payment Page Title | Browser tab title for payment pages | — |
| Default Access Price | Default price in EUR for new doors | €1.00 |
| Default Access Duration | Default duration in minutes for new doors | 60 |
| Currency | Payment currency | EUR |
| Trust Period (Days) | Days a trusted device bypasses 2FA re-authentication | 30 |
| TTLock Enabled | Enable or disable TTLock module | true |
| Shelly Enabled | Enable or disable Shelly module | true |
Changing Defaults
Changes to default price or duration only apply to new doors created after the change. Existing doors keep their individual overrides.
Disabling Modules
| Module | When Disabled |
|---|---|
| TTLock | Doors page is hidden. QR payment flow is disabled. |
| Shelly | Devices page is hidden. Device session flow is disabled. |
Payment Page Branding
Customize the appearance of public payment pages — the pages guests see when they scan a QR code.
| Setting | Description |
|---|---|
| Logo URL | URL to your company logo (PNG or SVG recommended) |
| Brand Color | Primary accent color in hex (e.g., #0A84FF) |
| Header Text | Welcome message shown at the top of payment pages |
| Footer Text | Fine print, contact info, or terms shown at the bottom |
Branding Preview
Most settings pages show a live preview of how payment pages will appear to guests. Use this to verify your branding before saving.
Logo Guidelines
- Recommended format: PNG or SVG with transparent background
- Recommended size: 200×80 pixels (will be scaled)
- Max file size: 2MB
- Hosting: Upload to any publicly accessible URL (S3, Cloudinary, your CDN, etc.)
Stripe
Connect Stripe for payment processing.
Required Credentials
| Field | Where to Find It |
|---|---|
| Publishable Key | Stripe Dashboard → Developers → API keys → Publishable key |
| Secret Key | Stripe Dashboard → Developers → API keys → Secret key |
| Webhook Secret | Stripe Dashboard → Developers → Webhooks → Signing secret |
Webhook Configuration
- Go to Stripe Dashboard → Developers → Webhooks
- Click Add endpoint
- Enter your webhook URL:
https://your-domain.com/api/stripe/webhook - Select events to listen for:
checkout.session.completedpayment_intent.succeededcharge.refunded
- Click Add endpoint
- Copy the Signing secret and paste it into Hygate
Testing the Connection
Click Test Connection to verify:
- API keys are valid
- Hygate can reach Stripe
- Webhook endpoint is accessible from Stripe
TTLock
Connect your TTLock smart lock system.
Required Credentials
| Field | Where to Find It |
|---|---|
| Client ID | TTLock Developer Portal → Application credentials |
| Client Secret | TTLock Developer Portal → Application credentials |
| Username | Your TTLock account email |
| Password | Your TTLock account password (MD5-hashed before transmission) |
Getting TTLock Credentials
- Go to ttlock.com and create a developer account
- Navigate to the developer portal
- Create a new application
- Copy the Client ID and Client Secret
- Enter your TTLock account credentials
Testing the Connection
Click Test Connection to verify:
- OAuth2 token retrieval
- Lock list access
- API reachability
TTLock credentials include an access token and refresh token that Hygate manages automatically. Hygate handles token refresh transparently.
Shelly
Connect your Shelly IoT relay devices.
Required Credentials
| Field | Where to Find It |
|---|---|
| Auth Key | Shelly Cloud Dashboard → Account → Auth Key |
| Server | Shelly Cloud API server URL (usually auto-filled) |
Getting a Shelly Auth Key
- Log in to Shelly Cloud
- Go to Account → Auth Key
- Generate a new Auth Key
- Copy and paste it into Hygate
Server URL
Leave the server URL at its default unless you have a custom Shelly Cloud deployment.
Testing the Connection
Click Test Connection to verify:
- Auth key is valid
- Device list is accessible
- API reachability
Configure email delivery for OTP codes and notifications via Resend.
Required Credentials
| Field | Description |
|---|---|
| Resend API Key | From your Resend dashboard |
| From Email | The sender email address (must be verified in Resend) |
Getting a Resend API Key
- Create an account at resend.com
- Verify your sending domain
- Create an API key from the Resend Dashboard
- Copy and paste it into Hygate
Testing the Connection
Click Test Connection to send a verification email. Check your inbox for the test message.
Security
Configure authentication and session policies.
2FA Methods
| Method | Description | Best For |
|---|---|---|
| Disabled | No two-factor authentication required | Testing environments only |
| Email OTP | 6-digit code sent to user's email on login | Teams without smartphones |
| Authenticator App | TOTP code from Google Authenticator, Authy, etc. | Maximum security |
| Either method | User can choose between email OTP and authenticator app | Flexible teams |
Setting Up TOTP (Authenticator App)
- Go to Settings → Security
- Select Authenticator App as the 2FA method
- Click Enable 2FA on your user profile
- Scan the QR code with an authenticator app (Google Authenticator, Authy, 1Password, etc.)
- Enter the 6-digit code to confirm
- Save your backup codes in a secure location
Setting Up Email OTP
- Go to Settings → Security
- Select Email OTP as the 2FA method
- Users will receive a 6-digit code via email on each login
Trust Period
The Trust Period setting allows users to skip 2FA on devices they've already verified. When set to 30 days, a user who enters a 2FA code on their personal laptop won't need to verify again for 30 days.
Session Timeout
Configure how long a session remains valid before requiring re-authentication.
Team
Manage workspace members and their access levels.
Viewing Team Members
The Team page lists all users with their:
- Email address
- Role (Administrator or Operator)
- 2FA status
- Last login timestamp
- Account status (Active or Deactivated)
Inviting a New User
- Click Invite User
- Enter the user's email address
- Select a role: Administrator or Operator
- Click Send Invitation
- The user receives an email with an invitation link
Changing a User's Role
- Find the user on the Team page
- Click Change Role
- Select the new role
- Confirm
Deactivating a User
Deactivating revokes access without deleting the account:
- Click Deactivate next to the user
- Confirm — the user cannot log in until reactivated
Deleting a User
Deleting permanently removes the account and all associated data:
- Click Delete next to the user
- Confirm — this action is irreversible
Role Permissions Summary
| Setting | Administrator | Operator |
|---|---|---|
| General settings | Full access | View only |
| Change own password | Yes | Yes |
| Branding | Full access | No access |
| Stripe configuration | Full access | No access |
| TTLock configuration | Full access | No access |
| Shelly configuration | Full access | No access |
| Email configuration | Full access | No access |
| Security settings | Full access | No access |
| Team management | Full access | No access |