I need to create a bid notification email to go out to a determined email recipient...this is doneI then need to embed one form field in the email so that they can simply click "Accept" or "Decline" and have this populate the bid opportunity.Step two...I then need to send an email to the customer with our acceptance or decline....this should not be a problem for me after the first is done.I would like the first step to work without the person having to log in. The person that started this app has this option setup with two field links embedded in the notification and using an API call. Problem when I click either link is I get the XML code and it says I have to be logged in to do this.....I am logged in...?????I really want this to work from the email since some people may be traveling and would not be logged in to the system and also to prevent the need for multiple user accounts.

You can build authentication into your accept and decline buttons.

Joey, contact me off line if you need help building those buttons.

Overall, In order to have these button happen without a sign in, you would need to include 2 types of authentication, that are build into the button.Door 1:You would need a Ticket AND a Token.The ticket can have an expiration date/time of 12 hours, unless you want to set a shorter or longer window for the button to work in the email. Keep in mind that if you make it longer, anybody with that token and ticket (that is in the URL) can do basically anything with your app. So its not really secure, if somebody wanted to be malicious.Door 2:Have an "Open to the Internet" app, that allows people to edit records on the 'Accept/Decline' table in question. You would then only need to provide an app token in the button, and have a bit more security to your data. But, again, anybody that gets that url can basically get access to your app and home pages. So again, its not a very secure option.Door 3:Use a portal Add-on, where the person has a specific username & password (these would not count as QB users, and you could have 500 without paying). Then they would have access to the records they need to approve, and you can control what they see/do more without compromising your app security.Door 4: (which would take a power user to pull off successfully),Is build a separate app (that is open to the internet), with a sync table of all the data from your real table in the main app, then the button that goes out, will send them to that one table app, that has the approve/decline button. You could even just sync the key data that they need. Then make a few webhooks to (1) trigger the email and (2) update the main app when the button is accepted or decline. This give you a layer of protection, but again, requires quite a bit of set up. Which door do you like?

Matthew, isn't a other option to build in auththetication into the button itself, with a userid and password? One would use a userid ina Role which has very limited editing abilities.

So basically you'd be paying for a user license and in essence still open that app to the internet. Doesn't accomplish any more security, and just cost you money.

How can form fields be embedded in a notification

11 Replies

Eric_J_Hansen
Qrew Cadet
8 years ago
You can build authentication into your accept and decline buttons.
QuickBaseCoachD
Qrew Captain
8 years ago
Joey, contact me off line if you need help building those buttons.
MCFNeil
Qrew Captain
8 years ago
Overall, In order to have these button happen without a sign in, you would need to include 2 types of authentication, that are build into the button.

Door 1:
You would need a Ticket AND a Token.

The ticket can have an expiration date/time of 12 hours, unless you want to set a shorter or longer window for the button to work in the email. Keep in mind that if you make it longer, anybody with that token and ticket (that is in the URL) can do basically anything with your app. So its not really secure, if somebody wanted to be malicious.

Door 2:
Have an "Open to the Internet" app, that allows people to edit records on the 'Accept/Decline' table in question. You would then only need to provide an app token in the button, and have a bit more security to your data. But, again, anybody that gets that url can basically get access to your app and home pages. So again, its not a very secure option.

Door 3:
Use a portal Add-on, where the person has a specific username & password (these would not count as QB users, and you could have 500 without paying). Then they would have access to the records they need to approve, and you can control what they see/do more without compromising your app security.

Door 4: (which would take a power user to pull off successfully),
Is build a separate app (that is open to the internet), with a sync table of all the data from your real table in the main app, then the button that goes out, will send them to that one table app, that has the approve/decline button. You could even just sync the key data that they need. Then make a few webhooks to (1) trigger the email and (2) update the main app when the button is accepted or decline. This give you a layer of protection, but again, requires quite a bit of set up.

Which door do you like?
QuickBaseCoachD
Qrew Captain
8 years ago
Matthew, isn't a other option to build in auththetication into the button itself, with a userid and password? One would use a userid ina Role which has very limited editing abilities.
- MCFNeil
  Qrew Captain
  8 years ago
  So basically you'd be paying for a user license and in essence still open that app to the internet. Doesn't accomplish any more security, and just cost you money.
ZintJoseph
Qrew Captain
8 years ago
That user could be someone already registered as a user...Ultimately this option is only for internal personnel but could be used for outside customers and contractors at some point
- MCFNeil
  Qrew Captain
  8 years ago
  if they are already users, you wont even need to put the authentication in the button. They'll use their own username to login, that way you can see who edits the record.
MCFNeil
Qrew Captain
8 years ago
Your original questions says you get an error, even when you are logged in. What is your formula url look like?

That might be the root of all this.
ZintJoseph
Qrew Captain
8 years ago
URLRoot() & "db/" & Dbid() & "?act=API_EditRecord&apptoken=cwfcy7gdzqrsyncqbi2bn4u4kr&_fid_66=1&rid=" & [Record ID#] & "&rdr=" & URLEncode(URLRoot() & "db/" & Dbid() & "?act=dr&rid=" & [Record ID#])

I took this app over from another person and am trying to put in a lot of automated emails based on triggers. I just found an issue that I did not see and that was a lot of form rules to change fields based on the Accept or Declined option in the email. I just had to turn them all of due to issues of data being hidden. I am having to regroup, do my updates and then I will have to dig back into this.
Basically they had two links in the email....Accept or Decline. The trigger the url above (this one is for accept), that in turn change the status of the request as well as changed a couple of drop downs in the form....I have broken it!

I did not review the entire app and format....lots of fun now!
- MCFNeil
  Qrew Captain
  8 years ago
  Well good luck with the app you inherited, and post back if you have any other questions.
  
  Personally I find it harder to understand somebody else's app, then building my own new one. So I don't envy you. _
- ZintJoseph
  Qrew Captain
  8 years ago
  Well, I am on the verge of just that very thing....would not be the first one I have scrapped and started new on.

Forum Discussion

How can form fields be embedded in a notification

11 Replies

Related Content

email notification error

New email notification beta has arrived

Notification Button

An API(?) button to copy fields from the form, to other fields

Multiple reference proxy fields help

Recent Discussions

What is the matter with my API Button formula?

Live Chat with Others in The Qrew in Discord

Filter out some records on related table

New Form - Show Create Record button

Copied Field doesn't have the same usage as the original