Forum Discussion

John_AlbertGine's avatar
Qrew Member
2 years ago

'Sign-in required' XML message when editing a record through email

Hi Guys,

I need your help and inputs given the following:


Our QuickBase app is designed to send out mails to users when a user needs to 'Approve' a certain record in one of the tables.
The goal is to enable users to 'Approve' from email (whether the user is initially logged-in or not before clicking the 'Approve' button).
  1. To do this, we created a 'Rich Text' field named [Approve for Email] which is then used in a table's 'Notifications'
  2. Below is how the formula [Approve for Email] looks like:
"https://<domain><DB_ID>" & "?a=API_EditRecord" &
"&apptoken=<APPTOKEN>&rid=" & [Record ID#] &
"&_fid_13=Yes" &
"&_fid_262=Approved" &
"&rdr=" & URLEncode("https://<domain><DB_ID>?a=dbpage&pageID=35")​

The [Approve for Email] field behaves as follows when used in 'Notification' mails:
  1. A user clicking on the [Approve for Email] is able to 'Approve' if he/she is logged-in to QuickBase before clicking on the mail from mail client
  2. A user clicking on the [Approve for Email] is NOT able to 'Approve' if he/she is NOT logged-in to QuickBase before clicking on the mail from mail client
    1. The following message is received when this happens
    2. <qdbapi>
      <errtext>Sign-in required</errtext>
      <errdetail>The page you have requested can be viewed only by users who have signed in. Please sign in to proceed.</errdetail>

We tried adding a 'usertoken' parameter into the [Approve for Email] field. With this;
  1. QuickBase then now redirects to the login page before actually doing the actions designed for the field to do
  2. The consequence is then that the 'Last modified by' now appears as the one who owns the 'usertoken' and not the one who logged-in. We need it to be the one who logged-in. 

Please let me know your inputs and if you guys need more details to look into this further. :)


John Albert Ginete

1 Reply

  • Hello, I'm not sure this will work, but it's the first thing that comes to mind.

    I would try sending the user's email in the api_edit string:

    "&_fid_ZZZZZZ = " + [userEmail]    where ZZZZZ = field id for "Last Modified By"

    Being consistent this should not work, but sometimes it is not superfluous to do tests no matter how "strange" they seem.

    Marcelo Benavides Torres