Skip to main content

Overview

Sending links is the primary method for collecting authentication credentials and user inputs from your customers to execute Anon workflows and jobs. When you create a link, Anon generates a secure, signed URL that you can send to your customers. These links direct customers to a secure interface where they can provide necessary authentication information such as:
  • Email addresses and passwords for source systems
  • Multi-factor authentication (MFA) codes
  • Security questions and answers
  • Phone numbers for SMS verification
  • Any other authentication-related inputs required by the source system
This approach allows Anon to securely collect sensitive credentials without exposing them to your application, while maintaining compliance and security best practices.

How It Works

The link sending process involves three main steps:
  1. Create a Link: Your backend calls the Anon API to create a link for a specific job
  2. Retrieve the Signed URL: Anon returns a secure, time-limited URL
  3. Send to Customer: Share the URL with your customer through your preferred channel (email, SMS, etc.)
Always ensure customers have clear intent and understand why they’re being asked to authenticate. Links should be sent in response to customer actions or when authentication is required for requested operations.
When you create a link, you provide the following property:
PropertyTypeRequiredDescription
external_idstringYesYour internal identifier for the customer (e.g., user ID, email, account ID). Use this to track which customer the authentication link belongs to.
job_idstringYesThe ID of the job to execute
The API returns:
PropertyTypeDescription
link_urlstringThe secure, signed URL to send to your customer
expires_atstring (ISO 8601)When the link expires (default: 7 days from creation)

Security Considerations

Credential Security

Anon links provide a secure way to collect sensitive authentication credentials without exposing them to your application:
  • Credential Isolation: Customer credentials are entered directly into Anon’s isolated virtual browsers and never pass through your application
  • Encrypted Transmission: All credential data is transmitted over TLS and stored using industry-standard encryption
  • Compliance: Anon handles credential storage and management in compliance with security standards
  • No Credential Exposure: Your application never has access to raw passwords, 2FA codes, or other sensitive authentication data
This architecture ensures that your application remains compliant while enabling seamless authentication with external systems.
Links are time-limited to enhance security:
  • Default expiration: 7 days
  • Can be customized based on your security requirements
  • Expired links cannot be used and will show an error to customers
Always create fresh links for each authentication session. Do not reuse or share links across multiple customers.
Links are reusable within their expiration window (default 7 days):
  • Customers can access the link multiple times if they need to retry authentication
  • This is helpful if customers enter incorrect credentials and need to try again
  • Links remain valid until they expire or authentication is successfully completed
  • Once authentication succeeds and workflows complete, the link is no longer needed

Authentication and Authorization

  • Links are user-specific and tied to the external_id you provide
  • Anon validates the link signature before presenting the authentication interface
  • Your API key is never exposed to customers
  • Each link creates an isolated authentication session
  • The external_id helps you track which customer each link belongs to
Never expose your Anon API key in client-side code. Always create links from your backend server.
PLACEHOLDER BELOW
After sending a link, you can monitor its usage: Check if a customer has clicked or completed the workflow: 
async function getLinkStatus(linkId) {
  const response = await fetch(`https://api.anon.com/api/v2/links/${linkId}`, {
    method: 'GET',
    headers: {
      'Authorization': `Bearer ${process.env.ANON_API_KEY}`,
      'Content-Type': 'application/json'
    }
  });
  
  const { status, job_run_id, created_at, accessed_at, completed_at } = await response.json();
  return { status, job_run_id, created_at, accessed_at, completed_at };
}
PLACEHOLDER BELOW
StatusDescription
CREATEDLink created but customer has not yet clicked it
ACCESSEDCustomer clicked the link and is viewing the authentication interface
AUTHENTICATINGCustomer is in the process of entering credentials and authenticating
IN_PROGRESSAuthentication successful, workflows are executing
COMPLETEDAuthentication and all workflows completed successfully
FAILEDAuthentication failed or job execution failed
EXPIREDLink expired before customer completed authentication

Webhook Notifications

PLACEHOLDER BELOW
For real-time updates, configure webhooks to receive notifications about authentication status and job execution: 
// Example webhook payload - authentication successful
{
  "event": "link.authenticated",
  "data": {
    "external_id": "customer_12345",
    "source_system": "gusto",
    "status": "AUTHENTICATED",
    "authenticated_at": "2025-11-11T15:25:00Z"
  }
}

// Example webhook payload - workflows completed
{
  "event": "link.completed",
  "data": {
    "external_id": "customer_12345",
    "source_system": "gusto",
    "status": "COMPLETED",
    "completed_at": "2025-11-11T15:30:00Z"
  }
}

// Example webhook payload - authentication failed
{
  "event": "link.failed",
  "data": {
    "external_id": "customer_12345",
    "source_system": "gusto",
    "status": "FAILED",
    "error": "AUTHENTICATION_FAILED",
    "error_message": "Invalid credentials provided",
    "failed_at": "2025-11-11T15:26:00Z"
  }
}

Webhooks

Learn how to configure and handle webhooks for real-time authentication and workflow notifications

Customer Experience

When a customer clicks a link you’ve sent, they are directed to an anon.com webpage where they go through a secure authentication flow:
  1. Link Validation: Anon validates the link signature and checks that it hasn’t expired
  2. Authentication Interface: Customer is presented with a secure authentication form
  3. Credential Collection: Customer provides required authentication information, as required by the source system:
    • Email address and password for the source system
    • Multi-factor authentication codes (SMS, authenticator app, email)
    • Security questions and answers
    • Phone number verification
    • Any other authentication requirements specific to the source system
  4. Authentication Processing: Anon securely authenticates with the source system using the provided credentials
  5. Workflow Execution: Upon successful authentication, workflows execute automatically in the background
  6. Completion: Customer sees a success message and is propmted to close the webpage
The entire authentication interface is managed by Anon. Customers enter their credentials directly into Anon’s secure environment, never passing through your application.

What Customers See

The authentication interface is designed to be clear and trustworthy:
  • Clear indication of which source system they’re authenticating with
  • Step-by-step guidance through any multi-factor authentication requirements
  • Real-time feedback on authentication status (Anon closely mirrors the source system’s prompts and user messaging)
  • Error messages with helpful guidance if credentials are incorrect
  • Security indicators to build customer confidence
You can customize the appearance and user messaging in the Anon link through the Anon dashboard.

API Implementation

Create a new link URL

Create and send secure authentication links to collect customer credentials