The authoritative reference for the x12port owner account — covering the master key login, owner-exclusive capabilities, platform configuration, and handoff procedures.
The owner is the supreme account on the x12port platform. The owner flag (is_owner = true)
grants unconditional access to every admin panel, every inbox, and every action — including
actions that are restricted from ordinary admins. There is exactly one owner account at a time.
Owner login is a three-step process that adds an extra layer of security beyond the standard admin login:
The master key is a long alphanumeric token in the format
XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX. You set it from
Settings → Owner Key. If the key has not been set yet, you will be redirected
to create one immediately after your first two-factor login.
Go to Settings → Owner Key (requires an active owner session) to generate a new master key. The old key is invalidated immediately. Update your password manager as soon as you regenerate it.
In addition to every admin capability, the owner has access to the following actions that no admin can perform:
| Capability | Where |
|---|---|
| Grant or revoke admin access for any user | /admin/users → user detail |
| Set or change per-admin permission toggles | /admin/staff |
| Invite new admins via email | /admin/staff |
| Void commissions | /admin/commissions → Pending tab |
| Process cashout requests (approve, reject, mark paid) | /admin/commissions → Cashout Requests tab |
| Set per-agent commission rates | /admin/commissions → Rate Settings tab |
| Read the legal@ inbox | /admin/inbox |
| Record revenue manually | /admin/commissions |
Manage your admin team from /admin/staff.
Once an admin account exists, find it in the staff roster and use the permission toggles to enable or disable each of the five access areas: Billing, Support, DB, Sales, and Ads. Changes take effect immediately.
Click Revoke Admin on any staff member's row. Their account is downgraded to a standard user account and all admin panel access is removed immediately.
The full commission lifecycle is managed at /admin/commissions.
Go to the Rate Settings tab to configure each agent's onboarding, monthly, and annual commission percentages. Rates are stored per agent and applied automatically when revenue is recorded against their clients.
Click + Record Revenue to manually log a revenue event (e.g. a payment that was processed outside Stripe). You specify the agent, client, revenue amount, commission type, and a description. The system calculates the commission amount based on the agent's current rates.
Pending commissions appear in the Pending tab. Click Approve to move a commission to the approved state, starting its holding period clock.
Click Void on any pending commission to cancel it permanently. This is owner-only and is typically used when a client churns before the holding period ends.
Agent payout requests appear in the Cashout Requests tab. You can:
The following secrets power core platform features. These are set in the Replit environment secrets panel and are never stored in code:
| Secret | Purpose |
|---|---|
STRIPE_SECRET_KEY | Stripe API — billing stats, subscriptions, and payouts |
STRIPE_PUBLISHABLE_KEY | Stripe front-end key for the checkout UI |
STRIPE_WEBHOOK_SECRET | Validates incoming Stripe webhook events |
SMTP_PASSWORD / GMAIL_APP_PASSWORD | Outgoing email (verification codes, support replies, invitations) |
RESEND_API_KEY | Alternative transactional email via Resend |
SESSION_SECRET | Flask session signing key — rotate this to invalidate all active sessions |
SESSION_SECRET will log out every user immediately, including all
admin sessions. Only do this if you believe sessions have been compromised.
For users to subscribe, each plan must be linked to a Stripe Price ID. Go to /admin/billing and click Edit next to each plan to enter its Stripe Price ID and monthly price in cents.
If you are transferring x12port to a new owner, follow these steps in order.
Have the buyer sign up at /signup or create their account directly from /admin/users. Confirm the account is verified and accessible.
From /admin/users, open the buyer's user detail page and click Grant Admin. Confirm they can access the admin panel.
Ownership transfer requires a direct database update because there is no in-app owner transfer button. Using the database tool at /admin/db or via the Replit database console, run:
-- Replace IDs with the actual buyer and current owner IDs
UPDATE user SET is_owner = 0 WHERE id = <current_owner_id>;
UPDATE user SET is_owner = 1 WHERE id = <buyer_id>;After this change, the buyer must log in through the full three-step owner flow (email + 2FA + master key). They will need to set their own master key on first owner login.
Share all required secrets with the buyer securely (use an encrypted channel, never plain email). The buyer must enter these into their own Replit secrets panel:
Stripe accounts are tied to a business owner. Transfer the Stripe account to the buyer's
email and business identity through the Stripe dashboard. Update the
STRIPE_SECRET_KEY and STRIPE_PUBLISHABLE_KEY secrets once the
new Stripe account is active.
Transfer the Replit project to the buyer's Replit account and update DNS records for any custom domain. Confirm the app loads correctly on the buyer's account before proceeding.
Once the buyer has confirmed full access, go to /admin/users, find your own account, and click Revoke Admin. If you want to remove your account entirely, the buyer can suspend or delete it from their owner session.
Have the buyer verify the following before you sign off: