Concepts
Reviewer Tokens
How reviewer authentication works and how to share review links with clients.
Reviewers are the people who leave feedback — typically clients or stakeholders. They don't need a Faster Fixes account. Access is managed through tokens.
How tokens work
- Each reviewer gets a unique token when created in the dashboard
- The token is appended to your website URL: https://yoursite.com?ff_token=<token>
- When the reviewer opens this link, the widget activates and attributes feedback to them
- The token is persisted in the reviewer's browser (localStorage), so subsequent visits don't require the URL parameter
Sharing the review link
In your project dashboard, go to Reviewers → Create Reviewer. Give each reviewer a descriptive name (e.g. "Sarah - Product Manager"). Copy the generated review link and share it with your client.
Security
- Tokens are hashed with SHA-256 before storage — the raw token is never saved in the database
- Origin validation ensures feedback can only be submitted from your project's configured URL
- Rate limiting prevents abuse (100 submissions per hour)
Managing reviewers
| Action | Effect |
|---|---|
| Revoke | Temporarily disable a reviewer's access. Existing feedback is preserved. |
| Restore | Re-enable a revoked reviewer. |
| Delete | Permanently remove a reviewer and disassociate their feedback. |
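The checks listed under Security, combined with the Revoke and Restore actions above, can be pictured as one server-side gate. This is an added example, not Faster Fixes source code: the function names, the in-memory maps, the token length and the per-token scope of the rate limit are assumptions made for illustration.

```javascript
// Added example (hypothetical names): hash-at-rest lookup, exact Origin match,
// revocation and a 100-per-hour limit applied to one feedback submission.
const { createHash, randomBytes } = require("node:crypto");

const HOUR_MS = 60 * 60 * 1000;
const LIMIT = 100; // submissions per hour, the figure given on this page

const sha256 = (s) => createHash("sha256").update(s, "utf8").digest("hex");

// Constructed stand-ins for database tables, both keyed by the token's hash.
const reviewers = new Map();   // hash -> { name, origin, revoked }
const submissions = new Map(); // hash -> timestamps of accepted submissions

function createReviewer(name, projectUrl) {
  const token = randomBytes(32).toString("hex"); // raw token exists only in the link
  reviewers.set(sha256(token), {
    name,
    origin: new URL(projectUrl).origin, // normalised scheme + host + port
    revoked: false,
  });
  return token;
}

function setRevoked(token, revoked) {
  const reviewer = reviewers.get(sha256(token));
  if (reviewer) reviewer.revoked = revoked;
}

function checkSubmission(token, originHeader, now = Date.now()) {
  const hash = sha256(String(token));
  const reviewer = reviewers.get(hash); // lookup by hash, never by raw token
  if (!reviewer) return { ok: false, reason: "unknown_token" };
  if (reviewer.revoked) return { ok: false, reason: "revoked" };
  // Exact comparison: prefix or substring matching would also accept
  // look-alike hosts such as https://yoursite.com.other.example
  if (originHeader !== reviewer.origin) return { ok: false, reason: "bad_origin" };
  // Sliding one-hour window; rejected requests are not counted.
  const recent = (submissions.get(hash) || []).filter((t) => now - t < HOUR_MS);
  if (recent.length >= LIMIT) return { ok: false, reason: "rate_limited" };
  recent.push(now);
  submissions.set(hash, recent);
  return { ok: true, reviewer: reviewer.name };
}
```

Because only the hash is stored, a lost review link cannot be recovered from the database; the reviewer has to be issued a new token.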
Best practices
- One token per person — Create a separate reviewer for each person so feedback is clearly attributed.
- Use descriptive names — Names like "Sarah - Product Manager" make it easy to identify who left each piece of feedback.
- Revoke after review — Disable tokens after the review phase ends to prevent stale feedback.
- Never share a single token across multiple reviewers.