diff --git a/docs.json b/docs.json
index c237fcf..64359f4 100644
--- a/docs.json
+++ b/docs.json
@@ -69,7 +69,6 @@
}
]
},
- "manage/access-control/links",
{
"group": "Clients",
"icon": "desktop",
@@ -96,18 +95,19 @@
"icon": "user-group",
"pages": [
"manage/access-control/create-user",
- "manage/access-control/approvals",
- "manage/access-control/rules",
- "manage/access-control/forwarded-headers",
- "manage/access-control/login-page",
+ "manage/access-control/mfa",
+ "manage/access-control/security-keys",
+ "manage/access-control/session-length",
+ "manage/access-control/password-rotation",
+ "manage/access-control/change-password",
"manage/ssh",
+ "manage/access-control/rules",
"manage/geoblocking",
"manage/asnblocking",
- "manage/access-control/mfa",
- "manage/access-control/password-rotation",
- "manage/access-control/session-length",
- "manage/access-control/change-password",
- "manage/access-control/security-keys"
+ "manage/access-control/links",
+ "manage/access-control/approvals",
+ "manage/access-control/forwarded-headers",
+ "manage/access-control/login-page"
]
},
{
diff --git a/manage/access-control/links.mdx b/manage/access-control/links.mdx
index 2baec44..c34a79b 100644
--- a/manage/access-control/links.mdx
+++ b/manage/access-control/links.mdx
@@ -1,6 +1,5 @@
---
-title: "Links"
-icon: "link"
+title: "Shareable Links"
description: "Create Links and use access tokens for browser or programmatic access."
---
@@ -8,13 +7,11 @@ import PangolinCloudTocCta from "/snippets/pangolin-cloud-toc-cta.mdx";
-
-
-Links are special URLs that grant access to one resource without requiring the recipient to sign in as a Pangolin user.
+Links are special URLs that grant access to one resource without requiring the recipient to sign in as a Pangolin user. Anyone with a web browser on the internet can access the resource if they have a valid Link.
When you create a Link, Pangolin gives you two ways to use it:
-- **Link**: Send this to a person. This is a Pangolin-hosted URL, usually on your Pangolin domain, that validates the Link and then redirects them to the resource.
+- **Link**: This is a Pangolin-hosted URL that validates the validity of the Link and then redirects them to the resource.
- **Access Token Usage**: Use this only when making direct requests to the resource URL from scripts, tools, or integrations.
## Create a Link
@@ -26,7 +23,9 @@ From the resource authentication flow, create a Link by:
3. Setting an expiration, or enabling **Never expire** if the link should stay valid until you revoke it.
4. Copying the generated link or access-token details immediately after creation.
-
+
+
+
Anyone with the Link or access token can use it. Treat both like credentials.
@@ -45,11 +44,13 @@ This is why the two URLs often look different:
- The **Link** is usually on your Pangolin domain.
- The **Access Token Usage** examples use the resource URL directly.
-
+
+
+
### Query Parameter
-By default, Pangolin accepts the access token in the `p_token` query parameter:
+Pangolin accepts the access token in the `p_token` query parameter:
```bash
curl "https://resource.example.com/?p_token=."
@@ -59,6 +60,8 @@ The query-string value is the token ID and token joined with a `.`.
Some deployments may use a different query parameter name.
+The query parameter must be sent in every request to the resource, not just the first time.
+
### Request Headers
By default, Pangolin accepts these headers:
@@ -79,6 +82,8 @@ This is the same token data as the query-string form, split into two headers ins
Some deployments may use different header names.
+The headers must be sent in every request to the resource, not just the first time.
+
## Expiration and Revocation
- Expiring links stop working automatically when their lifetime ends.
@@ -89,4 +94,3 @@ Some deployments may use different header names.
- Links are best for targeted sharing and automation, not broad long-term access.
- Link-based access does not carry per-user identity headers to the upstream app. For identity-aware upstream integrations, see [Forwarded Headers](/manage/access-control/forwarded-headers).
-- For the underlying auth settings on the resource itself, see [Authentication](/manage/resources/public/authentication).