Give investors self-service access to view their notes, balances, accrued interest, statements, tax documents, and account preferences through a secure web portal.
The investor portal is a self-service web application at /portal/ that allows investors to view their investment information without contacting staff. The portal reduces support calls and gives investors 24/7 access to their account data.
View active notes with current principal, accrued interest, and payment history.
Download monthly and quarterly statements in PDF format.
Access 1099-INT forms, certificates, and correspondence.
Investors log in at https://cefcore.com/portal/ using credentials issued by fund staff. Authentication uses the same JWT-based system as the main application with role-based access control.
| Component | Details |
|---|---|
| URL | https://cefcore.com/portal/ |
| User Role | CUSTOMER -- restricted role with read-only access to own data |
| Authentication | JWT bearer token with 24-hour access tokens and 7-day refresh tokens |
| Entity Linking | User is linked to a CRM entity via crm.user_entity_link |
| Data Isolation | Row-level security (RLS) ensures investors only see their own notes and documents |
Important: Investor accounts must be created by fund staff through the admin interface. Investors cannot self-register. Staff creates the user in Admin → Users, assigns the CUSTOMER role, and links the user to the investor's CRM entity via crm.user_entity_link.
Follow these steps to grant an investor access to the portal:
entity_id.CUSTOMER role.crm.user_entity_link table./portal/ and confirm they can see their notes. The entity-based RLS automatically filters data to show only their linked notes.The portal is organized into nine pages accessible from the portal navigation. Each page displays data filtered by the investor's linked entity.
Summary view showing total invested principal, total accrued interest across all notes, number of active notes, and recent activity.
List of all investor notes with current balances, interest rates, maturity dates, and status. Click any note to see full details including payment history and accrual records.
Monthly and quarterly statements available for download as PDF. Statements show beginning balance, interest accrued, payments received, and ending balance for each period.
Repository for tax documents (1099-INT forms), investment certificates, maturity notices, renewal confirmations, and other correspondence.
Investors can update their contact information, communication preferences (email/mail), and change their password.
The investor portal enforces strict data isolation to ensure investors can never access another investor's data. Security is implemented at multiple layers.
All portal API requests require a valid JWT bearer token. Tokens are issued at login with a 24-hour expiration and can be refreshed for up to 7 days. Tokens contain the user's ID, role, and linked entity IDs.
Database queries are filtered by the authenticated user's entity_ids extracted from the JWT. PostgreSQL RLS policies on the investor_notes, portal.customer_document, and portal.notification tables enforce this at the database level.
The CUSTOMER role has read-only access to a limited set of portal-specific API endpoints. CUSTOMER users cannot access any admin, GL, CRM, or loan management endpoints.
For programmatic integration, investors can be issued API keys with cefk_ prefix. Keys are stored as SHA-256 hashes in portal.api_key with configurable scopes.
The customer portal uses the following API endpoints. All require JWT authentication with the CUSTOMER role.
| Method | Endpoint | Description |
|---|---|---|
GET | /api/v1/customer-portal/dashboard | Summary data: total invested, accrued interest, note count |
GET | /api/v1/customer-portal/notes | List investor's notes with balances (filtered by entity RLS) |
GET | /api/v1/customer-portal/notes/:id | Detailed note view with payment history |
GET | /api/v1/customer-portal/statements | List available statements |
GET | /api/v1/customer-portal/documents | List tax documents, certificates, correspondence |
GET | /api/v1/customer-portal/documents/:id/download | Download a specific document (PDF) |
GET | /api/v1/customer-portal/notifications | List unread notifications (maturity notices, etc.) |
PUT | /api/v1/customer-portal/profile | Update contact info and communication preferences |
Fund administrators manage investor portal access through the admin interface. Common tasks include:
portal.customer_document. These appear immediately in the investor's Documents section.portal.notification for maturity reminders, rate changes, or general announcements. Investors see these on their dashboard.crm.user_entity_link is correct. A missing or incorrect link means the investor will see no data.Solution: Check the crm.user_entity_link table. The user must be linked to the correct investor entity. Verify the entity_id matches the investor's notes.
Solution: Verify the user account is active in Admin → Users. Check that the role is set to CUSTOMER. Reset the password if needed.
Solution: Check the statement generation job in Admin → Monitoring. If the job failed, re-run it manually for the missing period. Statements are generated from accrual and payment data.
Solution: This should never happen due to RLS. If it does, immediately check the crm.user_entity_link for the affected user -- the wrong entity_id may be linked. This is a critical security issue that must be resolved immediately.
Learn how investor notes integrate with the general ledger, chart of accounts, and financial reporting.
Chart of Accounts Guide