Review Access
Review access provides time-limited login links for external platform reviewers.
UI Location
/settings/platform?tab=review-access
Core Capabilities
- Create review-access token links
- List active/expired/revoked links
- Revoke links
API Endpoints
GET /api/platform/review-accessPOST /api/platform/review-accessDELETE /api/platform/review-access/:idPOST /api/auth/review-access(token exchange)
Security Notes
- Token values are single-view at creation and should not be stored in plaintext.
- Access should be auditable with creation/revocation attribution.
- Expiration and revocation checks must be enforced on exchange.