docs: add prebuilt Account Center UI documentation (#1354)

wangsijie · web-flow · commit 60d5742a24da · 2026-02-14T10:14:28.000+08:00
Add documentation for Logto's prebuilt Account Center UI feature.
diff --git a/docs/end-user-flows/account-settings/README.mdx b/docs/end-user-flows/account-settings/README.mdx
@@ -8,27 +8,52 @@ import GearIcon from '@site/src/assets/gear.svg';
 
 # Account settings
 
-Logto provides a two collection of account settings APIs to allow users to manage their account and profiles stored in Logto.
+Logto provides multiple ways to let users manage their account and profiles stored in Logto.
 
-## Use Account APIs (Recommended) \{#use-account-apis-recommended}
+## Use prebuilt Account Center UI (Recommended) \{#use-prebuilt-account-center-ui-recommended}
 
-Logto’s Account APIs are ready-to-use, front-end endpoints that let end users securely view and update their own information with built-in permission checks. Simply embed them in your client application to power a polished, self-service account settings page.
+Logto provides a prebuilt Account Center UI that offers ready-to-use pages for end users to manage their account settings. This is the fastest way to add account management to your application.
+
+Key features:
+
+- **Zero development effort**: Ready-to-use pages that work out of the box.
+- **Consistent experience**: Matches the look and feel of Logto's sign-in experience.
+- **Security built-in**: All verification flows and security measures are handled automatically.
+- **Full functionality**: Supports updating email, phone, username, password, and MFA settings.
+
+<DocCardList
+  items={[
+    {
+      type: 'link',
+      label: 'Use prebuilt Account Center UI (Recommended)',
+      href: '/end-user-flows/account-settings/by-account-center-ui',
+      description: 'Learn how to integrate Logto prebuilt Account Center UI into your application.',
+      customProps: {
+        icon: <GearIcon />,
+      },
+    },
+  ]}
+/>
+
+## Use Account APIs \{#use-account-apis}
+
+Logto's Account APIs are ready-to-use, front-end endpoints that let end users securely view and update their own information with built-in permission checks. Use this when you need to build a custom account settings page with your own UI.
 
 Key features:
 
 - **End-user settings**: Users manage their own sign-in identifiers and credentials, social accounts, MFA methods, and profile data.
 - **Client-side integration**: Designed for safe, direct use in your front-end.
-- **Minimal setup**: Turnkey endpoints without custom server required.
+- **Full customization**: Build your own UI while leveraging Logto's secure APIs.
 - **Permission control**: Toggle which Account APIs are enabled via Management API settings.
 
 <DocCardList
   items={[
     {
       type: 'link',
-      label: 'Use Logto Account APIs (Recommended)',
+      label: 'Use Logto Account APIs',
       href: '/end-user-flows/account-settings/by-account-api',
       description:
-        'Learn more about how to use the user Account APIs to build your own account settings page.',
+        'Learn how to use the Account APIs to build your own custom account settings page.',
       customProps: {
         icon: <GearIcon />,
       },
@@ -61,13 +86,14 @@ Key features:
   ]}
 />
 
-## Account API vs. Management API \{#account-api-vs-management-api}
+## Comparison of account settings options \{#comparison-of-account-settings-options}
 
-| Feature                | Account APIs                                                                                        | Management APIs                                                                                                                      |
-| ---------------------- | --------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ |
-| **Intended user**      | End users                                                                                           | Admins / Developers                                                                                                                  |
-| **Access context**     | Client-side / front-end                                                                             | Server-side / back-end                                                                                                               |
-| **Permission model**   | Toggle which Account APIs are enabled via Management API.                                           | Fully customizable by developers                                                                                                     |
-| **Supported features** | View, update, and delete: username, email, phone, password, social accounts, MFA, profile           | All basic settings + Delete/suspend/restore account, Personal access tokens, user impersonation, connect OAuth apps, etc.            |
-| **Setup complexity**   | Very low (plug-and-play)                                                                            | Medium to high (requires custom implementation)                                                                                      |
-| **When to use**        | To quick launch a secure, self-service account settings page in your client app with minimal setup. | When Account APIs don’t meet your needs. E.g., for complex account deletion logic, high-risk actions, or building back-office tools. |
+| Feature                | Prebuilt Account Center UI                                                   | Account APIs                                                                              | Management APIs                                                                                                                     |
+| ---------------------- | ---------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------- |
+| **Intended user**      | End users                                                                    | End users                                                                                 | Admins / Developers                                                                                                                 |
+| **Access context**     | Redirect to Logto-hosted pages                                               | Client-side / front-end                                                                   | Server-side / back-end                                                                                                              |
+| **Permission model**   | Toggle which fields are enabled via Account center settings                  | Toggle which Account APIs are enabled via Management API                                  | Fully customizable by developers                                                                                                    |
+| **Supported features** | Update: email, phone, username, password, MFA (TOTP, passkeys, backup codes) | View, update, and delete: username, email, phone, password, social accounts, MFA, profile | All basic settings + Delete/suspend/restore account, Personal access tokens, user impersonation, connect OAuth apps, etc.           |
+| **UI customization**   | Inherits sign-in experience branding                                         | Full customization (build your own UI)                                                    | Full customization (build your own UI)                                                                                              |
+| **Setup complexity**   | None (just link to prebuilt pages)                                           | Low (use APIs with your UI)                                                               | Medium to high (requires custom implementation)                                                                                     |
+| **When to use**        | For the fastest way to add account management without building custom pages  | When you need custom UI but want to leverage Logto's secure APIs                          | When Account APIs don't meet your needs. E.g., for complex account deletion logic, high-risk actions, or building back-office tools |
diff --git a/docs/end-user-flows/account-settings/by-account-center-ui.mdx b/docs/end-user-flows/account-settings/by-account-center-ui.mdx
@@ -0,0 +1,152 @@
+---
+description: Learn how to use Logto's prebuilt Account Center UI to let users manage their accounts
+sidebar_position: 2
+---
+
+# Account settings by prebuilt Account Center UI
+
+## What is the prebuilt Account Center UI \{#what-is-the-prebuilt-account-center-ui}
+
+Logto provides a prebuilt Account Center UI that offers ready-to-use pages for end users to manage their account settings. This prebuilt UI is hosted by Logto and handles common account management tasks including:
+
+- Updating email address
+- Updating phone number
+- Updating username
+- Setting or updating password
+- Managing MFA settings (TOTP authenticator app, passkeys, backup codes)
+
+The prebuilt Account Center UI is designed to work seamlessly with your application, providing a consistent user experience without requiring you to build custom account management pages.
+
+## Benefits of using the prebuilt UI \{#benefits-of-using-the-prebuilt-ui}
+
+- **Zero development effort**: Ready-to-use pages that work out of the box
+- **Consistent experience**: Matches the look and feel of Logto's sign-in experience
+- **Security built-in**: All verification flows and security measures are handled automatically
+- **Always up-to-date**: New features and security improvements are automatically available
+
+## Available pages \{#available-pages}
+
+The prebuilt Account Center UI provides the following pages, all accessible under the `/account` path of your Logto tenant endpoint:
+
+| Path                             | Description                       |
+| -------------------------------- | --------------------------------- |
+| `/account/email`                 | Update primary email address      |
+| `/account/phone`                 | Update primary phone number       |
+| `/account/username`              | Update username                   |
+| `/account/password`              | Set or update password            |
+| `/account/passkey/add`           | Add a new passkey (WebAuthn)      |
+| `/account/passkey/manage`        | View and manage existing passkeys |
+| `/account/authenticator-app`     | Set up TOTP authenticator app     |
+| `/account/backup-codes/generate` | Generate new backup codes         |
+| `/account/backup-codes/manage`   | View and manage backup codes      |
+
+For example, if your tenant endpoint is `https://example.logto.app`, the email update page would be available at `https://example.logto.app/account/email`.
+
+## How to use the prebuilt UI \{#how-to-use-the-prebuilt-ui}
+
+### Step 1: Enable Account API \{#step-1-enable-account-api}
+
+The prebuilt Account Center UI relies on the Account API. Navigate to <CloudLink to="/sign-in-experience/account-center">Console > Sign-in & account > Account center</CloudLink> and enable the Account API.
+
+Configure the field permissions according to your needs:
+
+- Set fields to `Edit` to allow users to modify them
+- Set fields to `ReadOnly` if users should only view them
+- Set fields to `Off` to hide them completely
+
+### Step 2: Link to prebuilt pages from your application \{#step-2-link-to-prebuilt-pages}
+
+To use the prebuilt Account Center UI, you need to redirect users from your application to the appropriate Logto pages. There are two approaches:
+
+#### Approach A: Direct linking with redirect parameter \{#approach-a-direct-linking}
+
+Add links in your application that redirect users to the prebuilt pages. Include a `redirect` query parameter to bring users back to your app after they complete the action:
+
+```
+https://[tenant-id].logto.app/account/email?redirect=https://your-app.com/settings
+```
+
+When users complete updating their email, they will be redirected back to `https://your-app.com/settings`.
+
+#### Approach B: Embedding in your account settings flow \{#approach-b-embedding}
+
+You can integrate the prebuilt pages into your existing account settings workflow:
+
+1. In your app's account settings page, show the user's current information
+2. Provide "Edit" or "Update" buttons that link to the corresponding prebuilt pages
+3. After the user completes the action, they are redirected back to your app
+
+Example implementation:
+
+```tsx
+function AccountSettings() {
+  const tenantEndpoint = 'https://example.logto.app';
+  const redirectUrl = encodeURIComponent(window.location.href);
+
+  return (
+    <div>
+      <h2>Account Settings</h2>
+
+      <div>
+        <span>Email: user@example.com</span>
+        <a href={`${tenantEndpoint}/account/email?redirect=${redirectUrl}`}>Update Email</a>
+      </div>
+
+      <div>
+        <span>Password: ••••••••</span>
+        <a href={`${tenantEndpoint}/account/password?redirect=${redirectUrl}`}>Change Password</a>
+      </div>
+
+      <div>
+        <span>MFA: Not configured</span>
+        <a href={`${tenantEndpoint}/account/authenticator-app?redirect=${redirectUrl}`}>
+          Set up Authenticator
+        </a>
+      </div>
+    </div>
+  );
+}
+```
+
+### Step 3: Handle success redirects \{#step-3-handle-success-redirects}
+
+After users complete an action, they will be redirected to your specified URL with an optional `show_success` query parameter. You can use this to display a success message:
+
+```tsx
+function SettingsPage() {
+  const searchParams = new URLSearchParams(window.location.search);
+  const showSuccess = searchParams.get('show_success');
+
+  return (
+    <div>
+      {showSuccess === 'email' && <div>Email updated successfully!</div>}
+      {showSuccess === 'password' && <div>Password updated successfully!</div>}
+      {/* ... rest of your settings page */}
+    </div>
+  );
+}
+```
+
+## Security considerations \{#security-considerations}
+
+The prebuilt Account Center UI includes built-in security measures:
+
+- **Identity verification**: Before making sensitive changes (email, phone, password, MFA), users must verify their identity using their current password or existing verification method
+- **Verification codes**: Email and phone updates require verification codes sent to the new address/number
+- **Session validation**: All operations validate the user's session to prevent unauthorized access
+
+## Customization options \{#customization-options}
+
+The prebuilt Account Center UI inherits the branding from your sign-in experience settings, including:
+
+- Logo and colors
+- Dark/light mode
+- Language settings
+
+If you need more customization beyond what the prebuilt UI offers, consider using the [Account API](/end-user-flows/account-settings/by-account-api) to build your own custom account management pages.
+
+## Related resources \{#related-resources}
+
+- [Account settings by Account API](/end-user-flows/account-settings/by-account-api) - Build custom account management with full API control
+- [Account settings by Management API](/end-user-flows/account-settings/by-management-api) - Admin-level account management
+- [MFA configuration](/end-user-flows/mfa) - Set up multi-factor authentication
