18 December 2025 (v2.148)

ReachFive v2.148 brings a few new features:

And as always, we made some general improvements and fixed a few items for you.


Identify Login as users

When a user logs in as another user, ReachFive now clearly identifies the login-as user in the user event and in an access token claim. This makes it easier to track actions performed by login-as users for security and auditing purposes.

How does it work? 🤔

You can pass an optional name query parameter in the GET /users/:id/login-as endpoint. This name is then included in the https://reach5.co/login-as-name claim in the access token and also appears in a login user event with the auth_type: login_as under login_as_profile_id.

  • Management API

  • ReachFive Console

  • User event 

GET /users/:id/login-as?name=JohnDoe (1)
1 Here, JohnDoe is the name of the user performing the login-as action. This appears in the user event and in the access token claims as https://reach5.co/login-as-name.

If logging in as a user from the ReachFive Console, the https://reach5.co/login-as-name access token claim is automatically taken from the email of the console user.

Login-as user event example 
{
  "date": "2025-11-07T09:54:34.183123Z",
  "type": "login", (1)
  "id": "AWUTz0naD6KwGSiAAIMN",
  "user_id": "550e8400-e29b-41d4-a716-446655440000",
  "auth_type": "login_as", (2)
  "login_as_profile_id" : "JohnDoe", (3)
...
}
1 The event type is login, indicating a login action.
2 auth_type will be equal to login_as.
3 The login_as_profile_id will display the name passed in the Management API call or the ReachFive Console user email depending on the method used.

For full details, see Login as.


New lite_only variable for Password Reset email templates

We’ve introduced a new lite_only variable for password reset email templates. This variable allows you to customize the content of password reset emails specifically for lite profiles.

For example, you can use the lite_only variable to include instructions or information that is relevant only to users with lite profiles such as full account activation.

  • SMTP template

  • Custom provider 

{% if user.lite_only %}
  <h1>Complete your account setup</h1>
  <p>Thanks for visiting our store! Click below to create a password and access your loyalty points.</p>
  <a href="{{link}}">Activate Account</a>

{% else %}
  <h1>Reset your password</h1>
  <p>We received a request to change your password. Click below to proceed.</p>
  <a href="{{link}}">Reset Password</a>

{% endif %}
{
  "email": "clarence@example.com",
  "template_id": "password_reset",
  "personalizations": {
     "id": "id",
     "client_id": "jQy...TGlj",
     "external_id": "externalId",
     "given_name": "Max",
     "last_name": "Robertson",
     "gender": "M",
     "has_password": true,
     "lang": "fr",
     "locale": "fr-FR",
     "verification_code": "verificationCode",
     "redirect_url": "https://www.example.com/redirect",
     "lite_only": true, (1)
     "custom_fields": {
        "loyalty_id": "123456"
      }
  }
}
1 The lite_only boolean is only included in the payload for the password_reset template to customize the email content for lite profiles.


General improvements

  • For users configuring Data Breach Detection in the ReachFive Console, when navigating to the email or SMS templates, you now jump straight to the proper template instead of the generic page.


Fixes

Item Fixed

In some limited cases, when there were quick sign ups with social login, duplicated profiles occurred. This has been resolved.

There was a minor inconsistency with IDs in the Identities object in the response of the POST /update-profile endpoint.

The MISSING filter was temporarily not working on consent-related endpoints.

ReachFive Console

In some cases, certain UI elements would break when using full text search for custom fields with Account synchronization (ICE): Profile sharing.

We fixed a few other minor UI issues related to International Consumer Experience.