Guidelines for using the Authentication capability.

Apps can allow users to authenticate with a third-party platform. This is typically used to make certain features and content only available to a subset of users. This page contains some guidelines for creating a delightful authentication flow.


  • Authentication flows must occur in the authentication pop-up window, not within the app's iframe — that is, sign up and login forms should only appear in the pop-up window
  • Use the title element to set the title of the authentication pop-up window
  • Provide clear and actionable error messages
  • Prevent users from arriving at dead-ends or becoming stuck in endless loops
  • Ensure that the redirect URL appears familiar and friendly — that is, not like a phishing threat
  • Provide options for both signing up for and logging in to the platform
  • Support non-desktop devices, such as mobile phones and tablets
  • Do not auto-subscribe users to marketing content — all marketing material must be opt-in
  • If the same user installs the same app under different teams, require them to authenticate separately for each team — do not automatically authenticate the user

Suggested copy for authentication flows

There can be many scenarios to consider when building an authentication flow. You are free to write your own copy to communicate authentication flows. Alternatively, to speed up your development, we've provided some suggested copy that you can use.

| Scenario | Suggested copy |
| --- | --- |
| Password is incorrect | Forgot password? |
| No email found | We couldn’t find that account. Try a different email or sign up. |
| One or all of the credentials are invalid | We couldn’t find that account. Try logging in a different way or sign up. |
| User needs to reset password | For your security, we’ve emailed you a link to reset your password. |
| Too many failed login attempts | Too many attempts. Please try again in X minute(s). |
| Password reset link expired or used already | Looks like you need a new password reset link. |
| User already has an account | Looks like you have an account already! Log in. |
| Not all form fields complete | Not quite done yet... |
| Incomplete fields | You missed this one |
| Passwords don’t match | Those passwords don’t match |
| Invalid password – doesn’t meet criteria | Use 8 or more characters with a mix of letters, numbers, and symbols. |