Authentication
h4ckbot uses email and password authentication. Sessions are stored in a secure httpOnly cookie — no tokens to manage manually.
Signing up
Create an account at /sign-up with your email and a password. After submitting, you will receive a verification email. You cannot access the chat until your email is confirmed — this is not optional.
Once verified, your account starts on the free tier with a weekly spend cap. Full access requires professional verification — see Access Verification.
Sessions
After signing in, a session cookie is set. It is httpOnly and Secure — JavaScript on the page cannot read it. Sessions are valid until:
- You sign out.
- You change your password — all existing sessions are immediately invalidated.
- An admin revokes your session (e.g. after a security event).
Password reset
Go to /forgot-password, enter your email, and check your inbox. The reset link expires after 1 hour. Completing a reset invalidates all active sessions.
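The session and password-reset rules above can be modelled in a few lines. This is an added example, not h4ckbot's own code: the `SessionStore` class, its method names, the per-user generation counter, digest-only storage and single-use reset tokens are assumptions, and only the 1-hour expiry and the invalidation rules come from this page.

```python
import hashlib
import secrets
import time

RESET_TTL = 3600  # seconds; the page states reset links expire after 1 hour


class SessionStore:
    """Hypothetical in-memory model; names are illustrative, not h4ckbot's."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.sessions = {}    # sha256(session id) -> (user, generation)
        self.generation = {}  # user -> counter bumped on password change
        self.resets = {}      # sha256(reset token) -> (user, expiry time)

    @staticmethod
    def _h(value):
        # Keep only digests so a leaked table does not yield usable secrets.
        return hashlib.sha256(value.encode()).hexdigest()

    def sign_in(self, user):
        sid = secrets.token_urlsafe(32)
        self.sessions[self._h(sid)] = (user, self.generation.get(user, 0))
        return sid  # would travel in a cookie flagged HttpOnly and Secure

    def valid(self, sid):
        entry = self.sessions.get(self._h(sid))
        return entry is not None and entry[1] == self.generation.get(entry[0], 0)

    def revoke(self, sid):  # sign-out, or an admin revoking one session
        self.sessions.pop(self._h(sid), None)

    def change_password(self, user):
        # Bumping the generation invalidates every existing session at once.
        self.generation[user] = self.generation.get(user, 0) + 1

    def issue_reset(self, user):
        token = secrets.token_urlsafe(32)
        self.resets[self._h(token)] = (user, self.clock() + RESET_TTL)
        return token

    def complete_reset(self, token):
        # pop() makes the token single use; an expired token is rejected.
        entry = self.resets.pop(self._h(token), None)
        if entry is None or self.clock() >= entry[1]:
            return False
        self.change_password(entry[0])
        return True
```

Passing a fake `clock` lets you check the expiry boundary without waiting an hour.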
Self-hosted instances
If you run your own h4ckbot instance, the first admin account is created manually in the database — there is no self-serve admin promotion. Standard user accounts sign up through the normal flow. Email verification requires a working SMTP configuration in your .env file.