SmallPict uses a secure, passwordless authentication flow to connect your WordPress site to our cloud infrastructure. Instead of creating and managing complex passwords, we use a simple One-Time Password (OTP) sent directly to your email.

How It Works

When you first install and activate the SmallPict plugin, you will be prompted to connect your site to our service.

Step 1: Request OTP

1. Go to the SmallPict menu in your WordPress dashboard.
2. Enter your email address in the connection prompt.
3. Click Connect to SmallPict.

Behind the scenes, the plugin securely requests an OTP from our authentication API. You will receive an email containing a 6-digit code.

Step 2: Verify OTP

1. Check your email inbox (and spam folder) for the 6-digit code.
2. Enter the code into the verification field on the WordPress dashboard.
3. Click Verify Code.

[!NOTE] For your security, OTP codes expire after 15 minutes. If your code expires, you can simply request a new one from the dashboard.

Step 3: Automatic Provisioning

Once verified, the SmallPict API automatically:

• Provisions a secure API Key unique to your WordPress site.
• Securely stores this key within your WordPress database.
• Registers your site's URL with your SmallPict account.

You never have to manually copy, paste, or manage API keys.

Managing Your Connection

Disconnecting

If you ever need to disconnect your site (for example, when moving to a new domain), simply go to the SmallPict Settings and click Disconnect. This revokes the API key and safely clears local configuration.

Rotating Keys

If you suspect your API key has been compromised, you can rotate your key from the SmallPict dashboard. This generates a new secure key and updates your WordPress site automatically without requiring you to re-verify your email.