Skip to content
Paylent Docs

Custom Domains

Every environment has a default subdomain (e.g. acme-prod.paylent.com), but you can configure a custom domain like auth.yourcompany.com so your users see your brand during login and OAuth flows.

How It Works

Section titled “How It Works”

When you add a custom domain, Paylent provisions an SSL certificate automatically through Cloudflare. Once active, all OAuth endpoints — login, authorization, token exchange, and OIDC discovery — respond on your custom domain.

Your OAuth issuer URL updates to use the custom domain, so tokens are issued under your domain rather than a Paylent subdomain.

Setup

Section titled “Setup”

  1. Add the domain in your dashboard

    Go to Settings → General and enter your domain in the Custom Domain section (e.g. auth.yourcompany.com).

  2. Add a CNAME record

    In your DNS provider, create a CNAME record pointing your domain to Paylent’s origin:

    TypeNameTarget
    CNAMEauthcustomers.paylent.com

    For apex domains (e.g. auth.example.com where auth is the subdomain), use a standard CNAME. If you need to use a bare domain, check if your DNS provider supports ALIAS or CNAME flattening.

  3. Wait for SSL provisioning

    Certificate provisioning typically takes a few minutes. The dashboard shows the current status:

    StatusDescription
    PendingDNS verified, certificate being issued
    ActiveCertificate provisioned, domain is live
    FailedProvisioning failed — check your DNS records

    Use the Refresh button to poll for updates.

What Changes

Section titled “What Changes”

Once your custom domain is active:

  • OIDC Discovery/.well-known/openid-configuration returns URLs under your domain
  • OAuth endpoints/oauth/authorize, /oauth/token, and others respond on your domain
  • JWT issuer — The iss claim in tokens uses your custom domain
  • Login page — Users see your domain in the browser address bar

The default subdomain continues to work alongside your custom domain.

Validation Rules

Section titled “Validation Rules”

Custom domains must:

  • Be a valid hostname with at least two labels (e.g. auth.example.com, not just example)
  • Not be a subdomain of paylent.com
  • Not be an IP address
  • Not contain wildcards
  • Be globally unique across all Paylent environments

Removing a Domain

Section titled “Removing a Domain”

In Settings → General, click Remove Domain. This deletes the SSL certificate and reverts OAuth endpoints to the default subdomain. Your DNS records are not automatically cleaned up — remove the CNAME record from your DNS provider after removal.