| Goal | Understand how local accounts, the central shared database, contact methods, access tiers, and opt-in work together. |
| Time | About 5 minutes (reading only) |
| Prerequisites | Getting Started |
Two places accounts can live
When someone signs up on your website, their account is always saved locally on your machine first. Optionally, it can also be saved to the central Dodo Suite database so the player can use the same account on other Dodo Suite websites. If you're using The Dodo Way or another (future) theme provided by HostHelper then players see the opt-in when signing up and on /token-profile.html when logged in. This can't be turned off unless you've developed a custom theme. See Custom Theme Development and HostHelper for more information.
Local accounts (always on)
Every Dodo Token account is stored in Super Dodo Terminal's local data directory as dodo-token-accounts.json. This means:
- Accounts exist on your computer.
- You have full control over banning, notes, access tiers, and everything else.
- If a player only visits your site, their local account is all they need.
Central accounts (opt-in)
The Dodo Suite has a shared central database hosted on Cloudflare. When a player opts in:
- Their email, token, contact info, preferred contact type, player/island pairs, player icon, and date of birth are sent to the central database.
- They can log in to any Dodo Suite website without creating a new account each time.
The host does not need to do anything special to support this. SDT handles the sync automatically if the central API key is configured. The key is embedded in release builds. The DODO_SUITE_CENTRAL_API_KEY environment variable is only used if you want to create your own central database not connected to The Dodo Suite. The Dodo Suite's central database cannot be accessed externally.
Why?
The central database was implemented to make subscriptions possible on team websites. Without it, the system has no way to know which account should be flagged as subscribed when a player purchases a subscription tied to a team member (not the HubHost). Players are automatically prompted to opt in if they try to subscribe to a team member. You don't need to do anything to support this.
What a Dodo Token account stores
Each local account record includes:
- Email and Dodo Token (login credentials).
- Contact methods (up to 6 entries, plus a preferred contact type).
- Player/island pairs (up to 8 player name + island name combos).
- Date of birth (used for age verification at signup and for token recovery).
- Player icon.
- Access tier: Free, Paid, or Banned.
- Subscription info: tier name and paid access expiration date (when applicable).
- Rules agreement: timestamp of when the player accepted your site rules.
- Messages: host-sent messages the player can view on their profile.
- Central account ID: empty for local-only accounts, populated when linked to the central database.
- Discord user ID: populated if linked via Discord.
- Ban note and timestamp (when applicable).
How contact methods work
When a player signs up or edits their profile, they can provide multiple ways for the host to reach them outside email.
Supported contact types
- Discord
- Twitch
- TikTok
- YouTube
A maximum of 6 contact entries can be saved per account.
Contact modes
The host controls which contact types are shown on signup and profile pages. SDT supports two modes:
- SingleRequired: the host picks one required contact type (e.g. Facebook). Only that field is shown on the signup form.
- SelectAllowed: the host enables multiple types. Players see all enabled types and fill in whichever ones they want.
These settings are stored in identity-settings.json in SDT's website data directory. They can also be configured through Dodo Builder's Token Signup tab in HostHelper.
Host-preferred contact methods
Hosts can mark up to 2 contact methods as preferred. On the website, those fields are highlighted so players know which ones matter most.
Preferred method (player's choice)
Below the contact fields, there is a "Preferred method" dropdown. This lets the player pick which contact method they'd like the host to try first. Only methods that have a value filled in appear in the dropdown.
The opt-in flow
During signup
There is a checkbox on the signup page:
"I'd like my login to work on other websites made with The Dodo Suite."
If the player checks this, their account is created locally and in the central database at the same time. If the central create fails for any reason, the signup still succeeds as a local-only account.
From their profile
If a player skipped the opt-in during signup, they can opt in later from their profile page. When they click "Link my account," SDT checks whether the email already exists in the central database:
- If it already exists, SDT logs in with the player's token to link the existing central account.
- If it does not exist, SDT creates a new central account.
Once linked, the account's central ID is saved locally.
How login works
When a player logs in on your website:
- SDT looks up the email in the local account list. If no local account exists, login is denied.
- If the account has a central account ID and the central API is available, SDT tries a central login. On success, profile data (contacts, player/island pairs, icon) can sync from the central copy.
- If the central API is unavailable or fails, SDT falls back to comparing the token against the locally stored token.
- If the account is banned, login is denied regardless.
After a successful login, SDT records the visit to the central database (if the account is linked) so the player can see which Dodo Suite sites they've used.
Token reset and recovery
Forgot Token (reset)
If a player forgets their token, they can request a new one. This requires:
- Their email.
- A matching contact value (must match what's on file).
- Their date of birth (must match what's on file).
If the account is linked to the central database, SDT tries to reset the token centrally first. If that fails, it generates a new token locally. Either way, the old token stops working immediately.
Recovery
Account recovery uses email, contact info, and player/island pairs to verify identity and issue a new token.
Both flows are rate-limited to 5 attempts per 10 minutes per IP address.
Account deletion
Players can delete their account from their profile page. This only removes the local account from that host's site.
If the player also wants to delete their central account, they need to log in at thedodosuite.com and delete it from there separately. This is intentional: a player might want to leave one site but keep their account on others.
Access tiers and banning
Access tiers
Every account has an access tier:
- Free: the default tier for all new accounts.
- Paid: set automatically when a PayPal subscription or one-time payment is processed. One-time payments grant lifetime access.
- Banned: blocks the account from logging in and using any Dodo Token features.
Banning
You can ban accounts from HostHelper's Account & Ban Manager (found in the Website Server tab). Banning an account sets its access tier to "Banned," which blocks login entirely. The ban is also synced to SDT's local account file so both apps stay in sync.
NID ban tracking
When you ban an account, HostHelper automatically records any verified Nintendo IDs (NIDs) linked to that account. If the banned player creates a new account and verifies their NID through a queue visit, HostHelper recognizes the NID and automatically bans the new account as well. This prevents players from evading bans by simply creating a new account.
Banned NIDs are stored locally in banned_nids.json. Unbanning an account does not remove its NIDs from the banned list. If you want to allow a previously banned NID to be used again, you would need to remove it from that file manually.
Host directory and visit tracking
Host directory
Hosts can register their website in the central Dodo Suite directory. SDT sends:
- A host ID and host secret (generated locally).
- A display name, website URL, and description.
SDT sends periodic heartbeats to keep the listing active. Hosts can also remove their site from the directory.
Visit tracking
When a central-linked player logs in or signs up, SDT records the visit (account ID, host ID, and website URL) with the central database. This lets the player see which Dodo Suite sites they've visited, so they can navigate to each site to manage or delete their accounts if needed.
Subscriptions
When a PayPal event fires (such as a subscription being created, a payment completing, or a cancellation), SDT updates the local account's access tier accordingly. Subscriptions only apply to the site they were purchased on (or the team site they belong to, communicated via team feed JSONs). The central database is not involved in subscription handling.
NID verification (HostHelper)
HostHelper tracks Nintendo IDs on player console records. Islands can be configured to require NID verification before showing Dodo codes to visitors. If a visitor has not verified their NID for any of their consoles, they'll see a verification prompt instead of the island code.
NID verification also ties into NID ban tracking. When a player verifies their NID through a queue visit, HostHelper checks whether that NID belongs to a previously banned account. If it does, the new account is automatically banned.
For hosts: what you need to know
- You don't have to do anything for local accounts. They just work.
- Central database support is automatic if the API key is configured. Release builds have it embedded; for development you can set the
DODO_SUITE_CENTRAL_API_KEYenvironment variable. - Contact methods are configured in Dodo Builder's Token Signup tab or directly in
identity-settings.json. Pick which types to allow and which 2 you prefer. - Player data flows from your website to SDT (local), then to the central database if the player opted in. You always have the local copy.
- The central database is optional for players. Some will opt in, some won't. Both work fine on your site.
- Signup is rate-limited to 5 signups per 10 minutes per IP address. Token resets have the same limit.
Related pages
- HostHelper: how HostHelper displays islands and manages access
- Site Setup on Set Up Your Dodo Suite: Stable Domain Setup, Dodo Site Setup, and Dodo Site Editing (domains and Cloudflare)
- Your Website: website setup guides
- Monetization: subscription tiers and PayPal integration
