Client invoices - revoke access on change of email

Just came across this. A new accs contact at an existing client phoned and asked for a copy of an invoice. They gave me the wrong email adress, so instead of accs@ they gave me accs@ so I send a copy of the invoice, and a day later get a polite response from the wrong recipient saying "sorry, not us."
I change correct the contact information, re send and all is fine.
Except I notice that the link in the email originally sent to the wrong adress is still live, meaning that the .com accs people now have access to the company accounts - in fact it even appears on the Recent Events for the client.

Just to note i noticed something similar but it was whilst doing test invoices to myself, is there not a way to make the client login and as such you can change password to stop any errors like this>?

I’ve passed this on to be looked at, I will let you know once I get a reply.

@Paul just curious, did you change the email address for the contact or did you delete and recreate the contact?

I just edited the email address.
I was thinking a simple solution would be to remove the ability to do so !

The link is keyed against the ID of the contact record so changing the email address wouldn’t revoke access. Actually deleting the contact record (not the whole client) and recreating a new one with the correct email would render the first link unusuable.

I had a feeling it might be. Would it be an idea to either prevent editing of the email adress or to recreate the contact record with a new ID when the edit buttion is pressed.
The only reason I found out was because the wrong recipient responded and left the original email with the link in it in their reply.
In this instance not important but it is quite likely that they could be competitors or worse, both clients …paying different prices!

I will have a think about that one. As you say it may be best to recreate the contact with a new ID in the background. This would however have the consequence of disabling all old links if there is a legitimate reason for changing the email.

As soon as I have more time I will discuss this with one of our developers.


It be easier to implement a login instead of security token, so the client is faced with a login screen which will be there email and password assigned by your then solves both problems editing and old links and security

This would throw up an obstacle that many end-user clients would object to… getting paid on time is a sensitive subject so I believe the least amount of friction their is to viewing invoices the better.

That said you can already enforce manual login for each client by invoking the following:

SO that is what that option is for… i might use it myself,

however maybe the best way to provide continuity between old and new and plug the gp would be, if email address changes, then change securitytoken then the old link would be invalid

Could this be dealt with by a note on the “access denied” screen saying “if any details have been changed recently you will need to us the latest email link”

We will actually look at an additional option when changing the email address of a client contact to revoke access to all previously issued invoice links. Then in the background this will delete and recreate the contact with a new ID.

This is a planned feature and should be ready in 1-2 weeks.

1 Like

We have now added an additional checkbox that will appear whenever a contact email address is changed.

When invoked this will drop the existing contact entirely and create a new one. By doing this any previously issued invoice links will be rendered unusable.

Great! That will fix it!

1 Like