Skip to main content

Authentication

Winstory uses a secure authentication system that combines wallet connection with professional email verification.

How It Works

Winstory authentication has two steps:
  1. Wallet Connection: Connect your crypto wallet (MetaMask, Coinbase Wallet, etc.)
  2. Email Verification: Verify your identity with a professional email address

Professional Email Requirement

Winstory requires a professional email address for authentication. This helps ensure:
  • ✅ Account security
  • ✅ Spam prevention
  • ✅ Community quality
  • ✅ Business verification

Accepted Email Domains

Any email address from a professional domain is accepted. Examples:
  • yourname@company.com
  • user@agency.io
  • contact@startup.co
  • team@organization.org

Blocked Email Domains

Personal email providers are not accepted:
  • ❌ gmail.com
  • ❌ yahoo.com
  • ❌ hotmail.com
  • ❌ outlook.com
  • ❌ icloud.com
  • ❌ protonmail.com
  • ❌ aol.com
  • ❌ mail.com
  • ❌ live.com
  • ❌ msn.com
If you don’t have a professional email, you’ll need to create one or use your company/agency email address.

Authentication Flow

Step 1: Connect Wallet

  1. Visit winstory.io
  2. Click “Connect Wallet”
  3. Select your wallet provider
  4. Approve the connection in your wallet

Step 2: Enter Email

  1. After wallet connection, you’ll see the email authentication screen
  2. Enter your professional email address
  3. Click “Send Verification Code”
The system validates your email domain before sending the code. Invalid domains are rejected immediately.

Step 3: Verify Code

  1. Check your email inbox
  2. Enter the 6-digit verification code
  3. Click “Verify”

Step 4: You’re In!

Once verified, you’re authenticated and can:
  • Create campaigns (creators)
  • Complete stories (completers)
  • Moderate content (moderators)
  • Access your MyWin dashboard

Authentication Methods

Winstory uses Thirdweb for authentication, which supports:
  • Email Magic Link: Receive a code via email
  • OAuth Providers: Google, Microsoft (for professional accounts)
  • Wallet Signatures: Cryptographic signatures from your wallet

Session Management

Automatic Login

Once authenticated, your session is saved. You’ll stay logged in until:
  • You disconnect your wallet
  • You clear browser data
  • Session expires (after 30 days of inactivity)

Logout

To logout:
  1. Click your profile icon
  2. Select “Disconnect Wallet”
  3. Confirm logout

Security Features

Email Verification

  • ✅ One-time verification codes (expire after 10 minutes)
  • ✅ Rate limiting to prevent abuse
  • ✅ Domain validation before code sending

Wallet Security

  • ✅ Cryptographic signatures (no passwords needed)
  • ✅ Private keys never leave your wallet
  • ✅ Transaction signing required for sensitive actions

Account Protection

  • ✅ Email required for all actions
  • ✅ Wallet address linked to email
  • ✅ Suspicious activity detection

Troubleshooting

Email Not Received

  1. Check Spam Folder: Verification emails sometimes go to spam
  2. Wait a Few Minutes: Email delivery can take 1-2 minutes
  3. Verify Email Address: Double-check you entered the correct email
  4. Check Domain: Ensure your email domain is professional (not blocked)

Code Expired

Verification codes expire after 10 minutes. If expired:
  1. Click “Resend Code”
  2. Enter the new code you receive

Invalid Email Domain

If you see “Invalid email domain”:
  • Your email is from a blocked provider (Gmail, Yahoo, etc.)
  • Use a professional email address instead
  • Contact support if you believe this is an error

Wallet Connection Issues

See our Wallet Setup Guide for wallet troubleshooting.

Best Practices

  • ✅ Use a professional email you can access regularly
  • ✅ Keep your wallet secure (never share private keys)
  • ✅ Enable 2FA on your email account
  • ✅ Verify you’re on winstory.io (check the URL)
  • ❌ Don’t share your verification codes
  • ❌ Don’t use personal email addresses

Next Steps

Now that you’re authenticated:

Need Help?