Public Share Links
Overview
Public Share Links allow Tenant Admins to create unique, secure links that enable customers and other stakeholders to access a specific POC without requiring authentication or creating user accounts. This feature is ideal for sharing POCs with external stakeholders who need limited, read-only access.
Key Features
- ✅ No Authentication Required - Customers access POCs via public links without login
- ✅ Secure Tokens - Cryptographically secure, unguessable 256-bit URL-safe tokens
- ✅ One Link Per POC - Only one active public link per POC (prevents link proliferation)
- ✅ Easy Management - Create, view, copy, and delete links from the POC detail page
- ✅ Read-Only Access - Public users cannot modify POCs, only view them
- ✅ Revocation - Tenant admins can immediately revoke access by deleting the link
- ✅ Warning System - Admins receive security warnings before creating public links
How It Works
For Tenant Admins
- Navigate to a POC detail page
- Click the "🔗 Create Share Link" button
- Review the security warning (confirms "anyone with the link will have access without authentication")
- Click "Create Link" to generate the public link
- Copy the link and share it with customers
- At any time, click "🔗 Manage Share Link" to view, copy, or delete the link
For Customers
- Receive a public link from the Tenant Admin
- Click the link (works in any browser, anywhere)
- View the POC details, tasks, task groups, and success criteria
- Cannot modify anything (read-only access)
- If the link is revoked, access is denied immediately
Security Model
What's Protected
- Only Tenant Admins can create/delete public links
- Links are unique and verified before granting access
- One link per POC (prevents duplicate link creation)
- Soft deletes preserve audit trail
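The four guarantees above, sketched in Python as an added example (not the product's own code): token generation, the one-active-link rule, soft-delete revocation, and token verification before access. The in-memory store stands in for the database, and `ShareLink`, `ShareLinkStore`, and the `is_admin` flag are hypothetical names.

```python
import secrets
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass
class ShareLink:
    poc_id: int
    access_token: str
    created_by: int
    created_at: datetime
    deleted_at: Optional[datetime] = None  # soft delete keeps the row for audit

class ShareLinkStore:
    """In-memory stand-in for the link table (hypothetical, not the product's schema)."""
    def __init__(self) -> None:
        self.rows: list[ShareLink] = []

    def _active(self, poc_id: int) -> Optional[ShareLink]:
        return next((r for r in self.rows
                     if r.poc_id == poc_id and r.deleted_at is None), None)

    def create(self, poc_id: int, user_id: int, is_admin: bool) -> ShareLink:
        if not is_admin:
            raise PermissionError("only Tenant Admins may create public links")
        if self._active(poc_id) is not None:
            raise ValueError("POC already has an active public link")
        # 32 random bytes = 256 bits -> 43 URL-safe base64 characters
        link = ShareLink(poc_id, secrets.token_urlsafe(32), user_id,
                         datetime.now(timezone.utc))
        self.rows.append(link)
        return link

    def revoke(self, poc_id: int, is_admin: bool) -> None:
        if not is_admin:
            raise PermissionError("only Tenant Admins may delete public links")
        link = self._active(poc_id)
        if link is None:
            raise LookupError("no active public link for this POC")
        link.deleted_at = datetime.now(timezone.utc)  # row stays, token stops working

    def resolve(self, token: str) -> Optional[int]:
        """Return the POC id for a live token, else None (caller denies access)."""
        for r in self.rows:
            if r.deleted_at is None and secrets.compare_digest(
                    r.access_token.encode(), token.encode()):
                return r.poc_id
        return None
```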
What's Accessible
- POC details (title, description, dates, objectives, etc.)
- Task and task group listings
- Success criteria
- Task status and assignments
- Comments (depending on configuration)
What's NOT Accessible
- POC creation/editing
- Task modification
- User management
- Tenant settings
- Any admin features
Use Cases
- Customer Demos - Share POC status with external customers without creating accounts
- Stakeholder Reviews - Allow executives/partners to monitor POC progress
- Sales Enablement - Demo POCs to prospects or partners
- Compliance & Audits - Grant temporary access to auditors or regulators
- Cross-Org Collaboration - Share status with partner organizations
Access URL Format
https://your-domain.com/share/{access_token}
Example:
https://poc-manager.example.com/share/rA5k_xY2pQ8jM1nL_Z9vW4bK3tH6cJ0
API Endpoints
Create Public Link
POST /pocs/{poc_id}/public-link
{
  "id": 1,
  "poc_id": 123,
  "access_token": "rA5k_xY2pQ8jM1nL_Z9vW4bK3tH6cJ0",
  "access_url": "https://domain.com/share/rA5k_xY2pQ8jM1nL_Z9vW4bK3tH6cJ0",
  "created_at": "2026-02-11T20:00:00Z",
  "created_by": 5
}
Get Public Link
GET /pocs/{poc_id}/public-link
Delete Public Link
DELETE /pocs/{poc_id}/public-link
Access Public POC (No Auth)
GET /public/pocs/{access_token}
Best Practices
- Share with Caution - Only share public links with trusted stakeholders
- Communicate Scope - Let recipients know they're viewing a public/demo environment
- Monitor Usage - Check creation and deletion timestamps
- Rotate Links - Consider deleting and recreating links periodically
- Revoke Immediately - Delete links when a stakeholder should no longer have access
- Use Descriptively - Remember which customers have which links
Limitations
- Only one public link per POC
- No access restrictions (anyone with the URL can view)
- No usage analytics (no tracking of who accessed the link)
- No expiration dates (links remain valid until deleted)
- No rate limiting on public endpoints