Access to this feature can change based on your Quickbase plan. Learn more about feature availability and plans in Quickbase capabilities.
Secure links allow you to share limited parts of your Quickbase apps with users who are not signed into Quickbase. They are the best way to mitigate the risks of publicly sharing your app.
For secure links to function, three main components work together:
-
URLs constructed in formulas that contain an access key
-
Formula field that extracts the access key from the URL and then evaluates if it is valid
-
Custom permissions that grant access to data, depending on the validity of the access key
There are many ways to apply these three components to your app. This article gives more details on each component and shows some of the simplest ways to implement them.
In this article
Construct URLs that contain an access key in formula fields
Secure links are generated by a Quickbase formula. The formula constructs a URL that acts as a link to the record or report. To be a secure link, it must also include an access key.
Formula examples
You can install an example formula directly from Exchange, or write the formula yourself. This is an example formula that constructs a URL and includes an access key:
var text accesskey = SHA256(([Record ID#] & ToUnixTime([Date Created])));
URLRoot() & "db/" & Dbid() & "?a=dr&accesskey="&$accesskey& "&rid=" &
[Record ID#]
If you're getting started with the Quickbase formula language, read Formula components and Formula variables to learn more about building formulas.
Creating secure access keys with SHA256()
You define the access key in the formula, and this access key is what Quickbase evaluates to give anonymous users access to your app. The more complex the access key, the more secure the link.
The formula in Exchange and the example formula in this article use the SHA256()
function. This is a hashing function, which means it takes the values provided in the formula and scrambles them. By using values that are field references, like the record ID and the date created, you create extremely secure access keys because they are unique to each record.
More ways to define access keys
Access keys can be as simple or complex as you want. Because you create them by using the Quickbase formula language, there are many creative ways to implement them.
Here are some ideas:
-
Make access keys the same across a subset of records
-
Cascade access keys to related tables
-
Set up access keys so they expire after a certain amount of time
Sharing the link
After you have built your formula, display the formula field on your form so that it is easily accessible and shareable.
You may choose to display the URL field as a button with a label, for example “Share this record.” You could also build the formula in a formula - rich text field and add custom HTML. Or, you could add the field to email notifications or documents.
For more ideas of ways to share links, see Example use cases for sharing apps publicly.
Use GetAccessKey() to check access keys
Building a formula that creates the link is only one part of setting up secure links. The next component is the GetAccessKey()
formula function. This function extracts the access key from the URL so that you can evaluate against it.
There are multiple ways to incorporate GetAccessKey()
, including using it in an existing formula. However, one of the simplest ways to use it is to create a separate formula field.
This is an example formula in a formula - checkbox field. It uses GetAccessKey()
to pull the access key from the URL. Then it evaluates if the access key in this field matches the access key in the URL:
var text accesskey = SHA256(([Record ID#]) & ToUnixTime([Date Created]));
$accesskey=GetAccessKey()
As shown in the example, the access key provided in this formula must match the access key you built in the formula that constructs the URL. Essentially, you use this formula to let Quickbase know what is a valid access key. In this case, both formulas use the same variable:
var text accesskey = SHA256(([Record ID#]) & ToUnixTime([Date Created]));
You could also create a separate field that creates the access key and reference it in multiple formulas.
If the access keys match, the box will be checked. This creates a field you can then reference in custom permissions.
Create custom permissions
After you have set up a field that evaluates the access key, you can reference that field in custom permissions.
Here is an example scenario:
-
In your app, the EOTI group is assigned a role called Public role with access key
-
You have set up a formula to construct secure links
-
You have a different formula field called Access Key Matches URL that evaluates the access keys. If they are valid, the field is checked.
To grant access to the app with the link, you must also set up a custom rule for the Public role with access key role. You set up a rule where Public role with access key may view project records where the field Access Key Matches URL is checked.
This means that if someone uses the secure link you created for this record, they can view the record. They will not be able to access it any other way.
Example workflow
After you have set up all three components—the secure link, the field to evaluate the access key, and the custom permissions—you can share the links you created and give the EOTI group limited and secure access to your app.
This is one example workflow to help you understand the end-to-end process. Additional examples can be found in Example use cases for sharing apps publicly.
Example scenario:
A project manager who is not a Quickbase user needs to approve an expense associated with the project.
To address this need, you have already:
-
Created a field in your table called Share this record. It contains a formula that constructs a secure link.
-
Added a field that defines valid access keys and uses
GetAccessKey()
to extract the access key from the URL to evaluate -
Set up a custom permission that only allows the EOTI group's assigned role to view and edit records with a valid access key.
-
Set up a custom email that sends when someone selects a box labeled Send for approval. The email includes a secure link to the record.
Someone selects the box Send for approval. Quickbase sends an email to the project manager that includes a link to the expense he needs to approve. When the project manager opens the link, the formula field checks to make sure the access key is valid. Because it is, the project manager is able to approve the expense and save the record. They cannot view any other records in the table.