Add Host Action Buttons in Email to Accept/Reject Visitor (FileMaker Server 19.3 + WebDirect)

1

I'm currently working on a Visitor Management System using FileMaker Server 19.3, with WebDirect enabled. I’ve implemented an email notification to be sent to the host when a visitor registers. Now, I’d like to improve this feature by adding two action buttons within the email:

  • :white_check_mark: Accept – to approve the visitor and allow them to pass
  • :cross_mark: Reject – to deny the visitor entry

:bullseye: Goal:

  • Based on the value (Accepted / Rejected), it should appear on a dedicated layout visible to Security at Reception — so they can easily confirm who is cleared to enter.

:wrench: Current Setup:

  • FileMaker Server 19.3
  • WebDirect enabled
  • Visitor registration form updates a hosted FileMaker record
  • Email sent using Send Mail with visitor details

:red_question_mark:My Questions:

  1. How can I generate email buttons (Accept / Reject) that trigger a script or update the record when clicked?
  2. Is there a secure method to achieve this using WebDirect links?
  3. How can I ensure that clicking the link from the email opens WebDirect and passes parameters (e.g., visitor ID and action)?
  4. Any advice to prevent unauthorized access to this approval system?

I would really appreciate a sample script or URL structure recommendation.

Thank you in advance for your support!

2

First, you should immediately update FMS to 19.6.4 (or 20.x or 21.x). 19.3 is not secure. See ClarisPKB

I would approach it like this:

  1. in FileMaker, create a UUID for the record
  2. create two clickable links in the email that includes the UUID. The URL should have this format:
Click here to Accept this registration:
https://example.com/fmi/webd/databaseName?script=Accept&param=UUID

Click here to Reject this registration:
https://example.com/fmi/webd/databaseName?script=Reject&param=UUID

Replace 'example.com' with your hostname, 'databaseName' with your actual database name, 'Accept' and 'Reject' with your actual script names, and replace 'UUID' with the actual UUID.

  1. in FileMaker, your Accept and Reject scripts should show a user interface with a button to confirm the action. This button will run a script which does a Find for the record containing the matching UUID, and then set field(s) as appropriate.
  2. If you are worried about unauthorized people accessing this system, you could put this form behind an additional password-protected login.
  3. Security in WebDirect is important - if you open your FileMaker database for public [Guest] WebDirect access, make sure this Privilege set is as locked down as possible.

Be aware of some issues:

  • many email systems have security scanners that follow links in emails to see if they are "safe". Don't be surprised if one or both URLs are loaded by the scanner, before the user even receives the email. This is why you need a manual confirmation step (see 3 above).
  • UUIDs are generally too long to guess, so there is a form of security involved here.
3

Note that FileMaker Pro cannot make emails with buttons because it sends email as plain text. @xochi's suggestion won't create buttons. The URLs will be visible as plain text.

You will need to use something other than FileMaker's Send Mail script step to do what you want. For example, you could use the Insert from URL script step or an email plugin.

1 Like
4

All email is plain text. HTML and SVG are plain text so this is not a dealbreaker. And there are excellent plugins that make it easy to generate HTML email.