Secure links provide a layer of security when you share your app publicly. You can use them to link to forms and reports. This article gives more detail on what anonymous users have access to with secure links.
Forms
Use secure links to give anonymous users access to individual records by linking to a form. Depending on the permissions you set up, anonymous users can view, modify, and save forms.
Access to data available through form rules
When you view a form or report in Quickbase, there may be several different requests that are sent to Quickbase from the browser. This helps keep pages performant and allows for powerful tools like form rules.
Quickbase includes the access key in all these requests. This means that, without any additional work from you, anonymous users with a secure link may access a form in its entirety, including dynamic changes to the form made via form rules.
Setting up access to record pickers and embedded reports on forms
Many forms also include record pickers and embedded reports. For example, if you are on a child table, you may have a dropdown that allows you to choose from related parent records. You may also have an embedded report that shows related child records.
To make sure anonymous users can see record picker options and embedded reports, set up cascading permissions. Cascading permissions are a building technique that allows you to fine-tune the data available to certain roles. One simple way to set them up is outlined in the following steps:
- Create a field to evaluate against. In the case of secure links, this is the field that evaluates the validity of the access key.
- Add that field as a lookup or summary field to related tables where you want to run the same evaluation.
- Make data available based on the field you’re evaluating against by using a custom rule on all tables involved.
As long as related tables evaluate the validity of the access key in the URL, anonymous users can use record pickers in forms and view embedded reports.
Making APIs and custom buttons work for anonymous users
Anonymous users with secure links can use APIs and custom buttons, as long as you include the access key. Specifically, the following are supported:
- XML APIs
  - For example, API_AddRecord and API_EditRecord
- Formula - URL buttons
- Formula - rich text buttons
JSON API calls are not supported but may work intermittently.
Behavior when anonymous users save records
Secure links go to a single page. This means that when an anonymous user modifies and saves a record, they do not have access to anything after that. After they select save, they’ll be prompted to sign in to Quickbase.
If you want anonymous users to see a confirmation, or be able to view the record they just saved immediately after they modify it, you can create a custom save button. Or you can use the nextURL parameter in your secure link. This allows the access key to follow to the next URL the anonymous user encounters. You can find an example of a secure link that uses nextURL in the Exchange.
Reports
Reports that are accessed via secure links include dynamic filters and column filters.
Access to individual records from reports
If someone accesses a report via a secure link, they can view the report in its entirety. However, they cannot view an individual record from a report.
As a best practice, do not include the field that contains the access key on reports. This helps ensure access keys are not shared and remain secure.
Unsupported access
You can use secure links to give anonymous users access to forms and reports. They are meant to provide limited access. If someone uses a secure link to access your app, the access key is only available for that single page. They cannot follow breadcrumbs or navigate to other parts of Quickbase.
Additionally, the following areas are unsupported for secure links.
- Legacy forms
- Legacy reports
- Legacy dashboards
- Dashboards
- JSON APIs
If you create secure links to these areas, they may work intermittently, but they are unsupported. This means there is no guarantee that they will continue to work.