Invitations: Share access with public tokens

Invitations in Polimake Studio let you share access to projects in two ways: by inviting full members with accounts, or by sharing public tokens for temporary access without an account. This guide will teach you how to use both options effectively.

Inviting users (full members)

Full members are users who have an account in Polimake Studio and permanent access to the project (until they're removed).

Invitation process

1. Open the project you want to invite members to
2. Go to "Members" or "Team" in the project settings
3. Click "Invite member" or a similar button
4. Fill in the form:
   • Email: Enter the email of the user you want to invite
   • Permissions: Select "Read" or "Write"
   • Message (optional): Add a personalized message to the invitation
5. Click "Send invitation"

Accepting invitations

When someone invites you:

1. You receive an email with the invitation
2. Click the link in the invitation
3. If you don't have an account: You'll be asked to create a Polimake Studio account
4. If you already have an account: You simply log in
5. You're automatically added to the project with the assigned permissions

Managing sent invitations

You can view and manage the invitations you've sent:

• View status: See whether the invitation was accepted, is pending, or has expired
• Resend: Resend an invitation if needed
• Cancel: Cancel a pending invitation
• View history: See all sent invitations

Managing received invitations

In your invitations section you can:

• View pending invitations: Invitations you haven't accepted yet
• Accept: Accept invitations to projects
• Decline: Decline invitations you don't want to accept
• View projects: See all the projects you belong to

Public tokens

Public tokens are a way to share temporary access without requiring the user to have a full account in Polimake Studio. They're ideal for sharing with clients, external collaborators, or anyone who only needs temporary access.

What public tokens are

A public token is a JWT (JSON Web Token) that:

• Doesn't require an account: The user doesn't need to create an account
• Temporary access: It has an expiration date
• Limited permissions: It can only access specific projects
• Easy to share: It's shared via a link or code

Creating a public token

1. Open the project you want to grant access to
2. Go to "Invitations" or "Public tokens" in the settings
3. Click "Create public token" or similar
4. Configure the token:
   • Name: A descriptive name to identify the token (e.g., "Client XYZ - Review")
   • Permissions: Select "Read" or "Write"
   • Projects: Select which projects it grants access to (can be one or several)
   • Expiration date (optional): When the token expires
   • Usage limit (optional): How many times the token can be used
5. Click "Create token"
6. Copy the generated link or token
7. Share the link with the person who needs access

Sharing public tokens

Once the token is created, you can share it in several ways:

• Direct link: Share the full link, which includes the token
• Token code: Share just the token code so they can enter it manually
• Email: Send the link by email directly from Polimake Studio
• Messaging: Share the link through any communication method

Important: Public tokens contain access information. Share them securely, preferably through private channels.

Using a public token

To access with a public token:

1. Receive the link with the token
2. Click the link or copy it into your browser
3. You're redirected to Polimake Studio with automatic access
4. You don't need to log in: The token gives you direct access
5. Browse normally within the permitted projects

Managing public tokens

You can manage the tokens you've created:

• View list: See all active public tokens
• View details: See permissions, projects, and expiration date
• Revoke: Invalidate a token before it expires
• Renew: Extend the expiration date if needed
• View usage: See how many times the token has been used (if available)

Guest permissions

Both full members and users with public tokens have permissions that control what they can do.

Read permissions

Users with read permission can:

• View content: See all the project's content
• View boards: Access the project's boards
• View calendar: See the calendar and scheduled content
• View designs: See designs in the Studio (view only)
• View settings: See the project's basic settings

They cannot:

• Create or edit content
• Modify boards
• Create or edit designs
• Change workflow statuses
• Invite members or create tokens

When to use: For clients who only need to review, stakeholders who want to stay informed, or anyone who only needs to see progress.

Write permissions

Users with write permission can:

• Everything read can do: All read capabilities
• Create content: Create new content in the project
• Edit content: Modify existing content
• Create and edit boards: Manage the project's boards
• Use the Studio: Create and edit designs
• Change statuses: Move content through the workflows
• Comment: Leave comments on content

They generally cannot:

• Change the project's settings
• Invite members or create tokens
• Modify workflows
• Delete the project

When to use: For external collaborators who need to create and edit content, freelance designers, or anyone who needs to contribute actively.

Differences between members and guests

Feature	Full Member	Public Token
Requires an account	Yes	No
Permanent access	Yes (until removed)	No (temporary)
Can invite others	Depends on permissions	No
Can create tokens	Depends on permissions	No
Activity history	Yes	Limited
Notifications	Yes	Limited

Accepting invitations

Member invitations

When you receive an invitation as a full member:

1. You receive an email with the invitation
2. Click "Accept invitation" in the email
3. If you don't have an account:
   • You're redirected to create an account
   • Complete the registration
   • You're automatically added to the project
4. If you already have an account:
   • You're asked to log in
   • You're automatically added to the project
5. You receive confirmation that you've been added

Access with a public token

When you receive a link with a public token:

1. Click the link you received
2. You don't need to log in: The token gives you automatic access
3. You're redirected directly to the project
4. You can browse normally within the permitted projects
5. Access expires based on the token's configuration

Note: If the token has expired or been revoked, you'll be informed and you'll need to request a new one.

Use cases for public tokens

Case 1: Sharing with a client for review

Situation: You need a client to review content before publishing.

Solution:

1. Create a public token with read permissions
2. Set the expiration to 7 days
3. Share the link by email
4. The client clicks and can review without creating an account
5. The token expires automatically after 7 days

Case 2: Temporary external collaborator

Situation: A freelance designer needs to work on a project for 2 weeks.

Solution:

1. Create a public token with write permissions
2. Set the expiration to 2 weeks
3. Share the link with the designer
4. The designer can create and edit content without a full account
5. Revoke the token when the work is done

Case 3: Review by multiple stakeholders

Situation: You need 5 different people to review content.

Solution:

1. Create a public token with read permissions
2. Share the same link with everyone
3. They can all access it without creating accounts
4. Revoke the token when the review is done

Case 4: Read-only access for reports

Situation: A director needs to see progress weekly but not create content.

Solution:

1. Invite them as a full member with read permissions
2. Or create a read-only public token with a monthly expiration
3. The director can review whenever needed
4. They can't make accidental changes

Best practices

Security

• Share tokens securely: Use private channels (email, private messaging)
• Set an expiration: Don't leave tokens without an expiration date
• Revoke unused tokens: If a token is no longer needed, revoke it
• Review tokens regularly: Periodically review which tokens are active

Organization

• Name tokens descriptively: "Client XYZ - Q1 Review" is better than "Token 1"
• Document the purpose: Note what each token was created for
• Manage expirations: Renew tokens if needed, or create them with enough time

Communication

• Explain the access: When you share a token, explain what they can do with it
• Inform about expiration: Let them know when the token expires
• Provide context: Explain which project(s) they can see and why

Troubleshooting common issues

The token link doesn't work

• Verify that the token hasn't expired
• Make sure the token hasn't been revoked
• Copy the full link without modifications
• Try from a different browser or in incognito mode

I can't create public tokens

• Verify that you have owner or administrator permissions
• Make sure the feature is enabled on your plan
• Contact support if the problem persists

A guest can't access

• Verify that they've accepted the invitation (full members)
• Make sure the token hasn't expired (public tokens)
• Verify that they have the necessary permissions
• Confirm that they're accessing the correct project

I need to extend a token

• Find the token in the list of public tokens
• Select "Renew" or "Extend expiration"
• Set the new expiration date
• Or create a new token if that's simpler

Conclusion

Invitations and public tokens in Polimake Studio give you the flexibility to share access in different ways depending on your needs. Use full members for permanent collaborators and public tokens for temporary access or for people who don't need a full account.

The key is choosing the right method for each situation and managing tokens securely. Set appropriate expirations, revoke tokens when they're no longer needed, and clearly communicate what guests can do.

For more information on permissions and roles, check out our projects and teams guide, and to manage the content guests have access to, see our content management guide.