How can form fields be embedded in a notification

  • 0
  • 2
  • Question
  • Updated 2 years ago
  • Doesn't Need an Answer
I need to create a bid notification email to go out to a determined email recipient...this is done
I then need to embed one form field in the email so that they can simply click "Accept" or "Decline" and have this populate the bid opportunity.

Step two...I then need to send an email to the customer with our acceptance or decline....this should not be a problem for me after the first is done.

I would like the first step to work without the person having to log in. The person that started this app has this option setup with two field links embedded in the notification and using an API call. Problem when I click either link is I get the XML code and it says I have to be logged in to do this.....I am logged in...?????

I really want this to work from the email since some people may be traveling and would not be logged in to the system and also to prevent the need for multiple user accounts.
Photo of Joey Zint

Joey Zint

  • 1,508 Points 1k badge 2x thumb

Posted 2 years ago

  • 0
  • 2
You can build authentication into your accept and decline buttons.
Photo of QuickBaseCoach App Dev./Training

QuickBaseCoach App Dev./Training, Champion

  • 51,546 Points 50k badge 2x thumb
Joey, contact me off line if you need help building those buttons.
(Edited)
Photo of Matthew Neil

Matthew Neil

  • 31,438 Points 20k badge 2x thumb
Overall, In order to have these button happen without a sign in, you would need to include 2 types of authentication, that are build into the button.

Door 1:
You would need a Ticket AND a Token.

The ticket can have an expiration date/time of 12 hours, unless you want to set a shorter or longer window for the button to work in the email.  Keep in mind that if you make it longer, anybody with that token and ticket (that is in the URL) can do basically anything with your app.  So its not really secure, if somebody wanted to be malicious.

Door 2:
Have an "Open to the Internet" app, that allows people to edit records on the 'Accept/Decline' table in question.  You would then only need to provide an app token in the button, and have a bit more security to your data.  But, again, anybody that gets that url can basically get access to your app and home pages.  So again, its not a very secure option.

Door 3:
Use a portal Add-on, where the person has a specific username & password (these would not count as QB users, and you could have 500 without paying).  Then they would have access to the records they need to approve, and you can control what they see/do more without compromising your app security.

Door 4: (which would take a power user to pull off successfully),
Is build a separate app (that is open to the internet), with a sync table of all the data from your real table in the main app, then the button that goes out, will send them to that one table app, that has the approve/decline button.  You could even just sync the key data that they need.  Then make a few webhooks to (1) trigger the email and (2) update the main app when the button is accepted or decline.  This give you a layer of protection, but again, requires quite a bit of set up. 

Which door do you like?
Photo of QuickBaseCoach App Dev./Training

QuickBaseCoach App Dev./Training, Champion

  • 51,546 Points 50k badge 2x thumb
Matthew, isn't a other option to build in auththetication into the button itself, with a userid and password? One would use a userid ina Role which has very limited editing abilities.
Photo of Matthew Neil

Matthew Neil

  • 31,438 Points 20k badge 2x thumb
So basically you'd be paying for a user license and in essence still open that app to the internet.  Doesn't accomplish any more security, and just cost you money.
(Edited)
Photo of Joey Zint

Joey Zint

  • 1,508 Points 1k badge 2x thumb

That user could be someone already registered as a user...Ultimately this option is only for internal personnel but could be used for outside customers and contractors at some point

Photo of Matthew Neil

Matthew Neil

  • 31,438 Points 20k badge 2x thumb
if they are already users, you wont even need to put the authentication in the button.  They'll use their own username to login, that way you can see who edits the record.
Photo of Matthew Neil

Matthew Neil

  • 31,438 Points 20k badge 2x thumb
Your original questions says you get an error, even when you are logged in.  What is your formula url look like?

That might be the root of all this.
Photo of Joey Zint

Joey Zint

  • 1,508 Points 1k badge 2x thumb

URLRoot() & "db/" & Dbid() & "?act=API_EditRecord&apptoken=cwfcy7gdzqrsyncqbi2bn4u4kr&_fid_66=1&rid=" & [Record ID#] & "&rdr=" & URLEncode(URLRoot() & "db/" & Dbid() & "?act=dr&rid=" & [Record ID#])

I took this app over from another person and am trying to put in a lot of automated emails based on triggers. I just found an issue that I did not see and that was a lot of form rules to change fields based on the Accept or Declined option in the email. I just had to turn them all of due to issues of data being hidden. I am having to regroup, do my updates and then I will have to dig back into this.

Basically they had two links in the email....Accept or Decline. The trigger the url above (this one is for accept), that in turn change the status of the request as well as changed a couple of drop downs in the form....I have broken it!

I did not review the entire app and format....lots of fun now!


Photo of Matthew Neil

Matthew Neil

  • 31,438 Points 20k badge 2x thumb
Well good luck with the app you inherited, and post back if you have any other questions.

Personally I find it harder to understand somebody else's app, then building my own new one.  So I don't envy you. 
Photo of Joey Zint

Joey Zint

  • 1,508 Points 1k badge 2x thumb
Well, I am on the verge of just that very thing....would not be the first one I have scrapped and started new on.