In this article

    Using personal access links or codes

    • Updated
    Follow

    What is a personal access link or code?

    The SpotMe/Onomi platform often provides verified users with unique or personalized access links or codes.

    These personal access links and codes allow users to log in without needing to enter their email address or password again. They are designed to provide quick, secure, and efficient access, and are created for a specific user or profile.

    They must therefore be handled with caution.

    The personal access links and codes include:

    • Personal "Access the app" link ({{_webapp_link}})
      A unique link created for a specific attendee. Also referred to as a "magic link." It is included in invitation emails sent by SpotMe and can be added to any email template.
      This link allows attendees to access the web app directly without entering an email address or password, view their own information, and perform actions on their own behalf within the app. Find out more
       
    • Personal registration / RSVP link ({{_registration_link}}
      A unique link created for a specific attendee. It is included in RSVP invitation emails sent by SpotMe and can be added to any email template.
      This link allows attendees to access the RSVP registration page on behalf of the invited attendee, update their information, and modify their registration status. Find out more
       
    • "Access web app as" or "Preview" link
      A unique link created for a specific attendee. It is available in Backstage on the attendee details page and can only be accessed by Backstage users.
      This link is used to access the app on behalf of an attendee and is intended for testing and support purposes. Find out more
       
    • Personal SpotMe user QR code:
      A SpotMe user QR code linked to a specific user profile. It can be used to check into the event or sessions as a specific attendee, print their personal badge, or exchange business cards.
      Backstage users can provide users with their QR codes by including them in emails, on badges, or within the user's profile in the app. Find out more
       
    • Tailored meeting request availability campaign link
      When using the Appointments module, meeting planners in Backstage can access and share a tailored direct link to an availability calendar form.
      This link allows specific users to provide their overall availability for the event, helping organizers schedule meetings with them more efficiently. Find out more
       
    • Sponsor permalinks
      Event organizers can invite sponsors to privately access their profile information in Backstage so they can add or edit their information directly.
      These tailored links provide limited access to Backstage, and permission to edit only this sponsor’s own information. Find out more

    Best practices when sharing a personal access link or code

    Anyone who uses a user's personal access link, code, or QR code may be able to access the platform on that user's behalf. This means they may be able to act as that user or access and modify their personal information.

    It is therefore crucial that personal access links and codes are shared only with the users for whom they were intended: 

    ✅  In emails, always use the platform's Special link merge tags, such as {{_webapp_link}} and {{_registration_link}}. This ensures that the platform generates a unique personal link for each recipient and sends it only to that recipient.

    ✅  Always test with more than one user for each registration flow, app installation path, or app access path. While configuring and testing your workspace, always preview or send tests to at least two different users, and verify that each receives a unique link and accesses the app as the correct user. If two users receive the same link, this means it is hardcoded to one person and should be corrected immediately.

    ✅  Always ensure that badges and user QR codes are sent to the attendee to whom they belong, by following the steps here for adding personal user QR codes to emails, printed badges, app profile pages, and the QR & Scan menu item in the app.

    ✅  When someone requests a link that will be shared broadly or publicly, always ensure that it is a generic link and not a personal one.

    ✅  Always exercise caution when handling participant list exports or QR code exports. These files may contain personal access links or codes in addition to user information.

    ❌  Never manually copy and paste personal links. Whether in email templates, badge templates, app pages, or elsewhere in Backstage, personal links and tokens should never be copied from one location to another.

    ❌  Never share personal links, user exports, or user QR codes with other attendees. These items provide personal access to an individual's account and information.

    ❌  Never forward personal invitation or confirmation emails to other attendees. Each attendee must receive their own personalized invitation. Anyone wishing to register or attend an event should be invited directly or complete the standard registration process.

    Was this article helpful?
    0 out of 0 found this helpful
    Return to top

    Related articles

    Comments

    0 comments

    Please sign in to leave a comment.