Sign In with Dombox

"Sign In with Dombox" is a privacy-focused alternative for "Sign in with Google" and "Sign in with Facebook". "Sign In with Dombox" offers only minimal data to websites and apps with user permission.



Portal can mean many things. e.g. Web portal. But we are using the term Portal in the science fiction context.

You might have seen the portals in movies. In the movie Avengers, they use a Vertical Portal to travel between planets. But in the movie Dr. Strange, they use Horizontal Portals to travel between places on earth.

We're using the term "Portal" because the consumers save their time by skipping the process like filling registration forms, Creating a contract, Creating a Combox, Verifying emails etc. Consumers also skip the Login forms while logging in.

Select Domain

Portals cannot be created for unverified domains. You need to verify your domain first before creating a portal.

Every portal will be linked to a domain. In the select domain page, the business owner needs to select the domain from the domain field. Only verified domains, are available for selection.

Portal Info

In Portal Info page, the business owner enters the Portal Name and Redirect URIs.

A domain can have unlimited portals. But for most domains, only one portal is enough. For example, an educational website can have a portal for students and another portal for teachers. To prevent confusion, the business owner should give a portal name to identify the portal properly.

For security reasons, all portals must have at least one Redirect URIs. The business owner needs to provide that.

If you have any plans to deploy the portal app in Native mobile applications or Javascript only applications, then it requires "implicit grant" in order to work. In such cases, the Business Owner can Opt-In by checking the "Allow Implicit Grant" checkbox.

Note: Check "Allow Implicit Grant" checkbox, only when you need this option. Implicit Grant provides low security. This is disabled by default for security reasons.

Portal Type

Non-Contracting Portal - These are Normal Portals. Dombox addresses are not tied to any contracts.

Contracting Portal - These are Exclusive Portals. Dombox addresses are tied to contracts. [Learn more about "Contract with Dombox"]

In the Site Links page, the business owner enters the relevant site links.

These links will be displayed to consumers. So they can check the links before signing up to the website.

The Business owner should provide the Privacy Policy Page URL, Terms Of Service Page URL, Pricing Page URL.

Required Data

Scroll down to lean more about the data.


If your project is under development, don't set the portal to "Public".

Configure Client

Configure portal client to accept signups

Data Classifications

User Data is classified into three categories.

Data Sensitivity
Green Data Low
Yellow Data Medium
Red Data High

Green Data

If a third party website gets hacked, the damage is nearly null in this category. This is because all data found in this category are Insensitive ones (including email address).

e.g. Back in 2013, 150 million Adobe accounts were hacked. If Adobe had only our green data, they can contact our consumers without any issues, on the other hand, this data is useless in the spammers hands. Because hacking this data is nothing more than crawling Facebook profiles.

For most websites, only Green Data is enough. If you are a website owner, keep in mind you are discouraging user signups if you request "Yellow Data" and "Red Data" without a sensible reason.

"Green Data" contains the following fields.

First Name, Last Name, Display Name, Preferred Usernames, Domkey, Email, Gender, Avatar, Age Group, Date Joined, Time Zone, Locale, Date Format, Website

Field Description
First Name Self-Explanatory
Last Name Self-Explanatory
Display Name Display name provided by the Consumer. If provided websites are advised to use this name in profile display instead of consumer's full name.
Preferred Usernames Some websites requires a username to create "Vanity URL". This is a comma separated value. The website can use the usernames if available
Domkey Explained already
Email Isolated Email Address. Not the primary email
Gender Consumer's Gender. It can be one of the following values. Male (M), Female (F), Others (O)
Avatar Avatar URL
Age Group Consumer's age group. If the consumer is in his/her twenties, then this value would be 20. If the consumer is in his/her thirties, then this value would be 30 and so on. The possible value would be from 10 to 120
Date Joined Consumer's signup date to the Dombox mail service.
TimeZone Timezone value set by the Consumer. So the website can display date and time based on the consumer's time zone.
Locale Preferred Language Locale value set by the Consumer. If the website supports the locale, then the website user interface would use that locale. e.g The value "en_US" means US English. The value "en_GB" means UK English
Date Format Date format value set by the Consumer. So the website can display date based on the consumer's date format.
Website Website value set by the Consumer. So the business can display the website URL in profile if provided.

Yellow Data

If a third party website that contains the yellow data get hacked, then the damage is minimal.

"Yellow Data" contains the following fields.

Date of Birth, Country, Social Links.

Keep in mind, the consumer has the option to decline Yellow Data and Red Data requests.

Yellow Data and Red Data require a valid reason for each field.

For instance, Yellow Data contains "Date Of Birth" field. If some website needs to access that data, then a valid reason is required from them. e.g. "Adult website. For age verification" is a valid reason. But "To send birthday wishes" is not.

Field Description
Date of Birth We put the "DOB" field in the "Yellow" category because it requires moderate privacy. e.g. Search results for "Name: John Smith" => 10,000 results. Search results for "Name: John Smith and DOB: 05/05/1985" => 2 results.
Country We put the "Country" field in the "Yellow" category because it also requires moderate privacy. e.g. Some websites may block users from a certain country. Users usually bypass that by faking the IP address with a "Proxy". So giving country data to the website in "Green Data" is not a good idea
Social Links Social Links are put in "Yellow" category because social profiles are prone to stalking.

Red Data

Red Data contains highly sensitive fields. Phone Number, Billing Address, Shipping Address

These data will be helpful when signing up for e-commerce websites

Again.. the consumer has the option to decline the Red Data request.

And Red Data requires a valid reason for each field.

A portal that requests access for at least one "Red Data" field is called "Red Portal"

A portal that requests access for at least one "Yellow Data" data but not "Red Data" fields is called "Yellow Portal"

A portal that requests access for only "Green Data" fields is called "Green Portal". By default, all portals have full access to this data.