Users can use Notify to send emails to participants #109
Comments
|
This is being worked on with #104 |
|
Key question for me here is: how to secure the key that we're given.
|
|
Encrypting the API key and putting it in the cookie would enable us to generate a preview of the email(s), but carries risks:
I'd rather treat this like a credit card number: have the user put it in directly at the point it'll be used, and never let it anywhere near the cookie. However, this does mean that we can't generate a preview. |
|
I think this also means we need some content at the front of the service that says Integration with NotifyThis service is integrated with Notify. If you'd like to use Notify, you'll need an API key. So that we don't keep your API key for any longer than necessary, you won't get a chance to preview your messages before they're sent. We recommend that you test your Notify templates with an [example output file](link to an example file) We can replicate it in the Notify journey, but I really don't want users to get to the end, with the clock ticking, and realise they can't even test it. The other option is to get users to also grab a test key from Notify, which we can use in a cookie because it can't send emails but it can create previews. Any thoughts @johnpeart ? |
|
I agree with you – let's treat this as a high-risk scenario. If showing previews increases the attack surface for a data breach, let's not increase the size of the surface! The test key route feels like a nice additional touch, but it feels like gold plating right now that will add further complication to a UI that is already complicated because of needing to provide 6 keys and ID codes already. So let's add the additional text! Where do you think we should add it? On the start page? We could also add default templates for Notify to the docs; I can pick this up as part of #113. |
|
Yes, I think the start page is best. I've put some content on a new page as a starter - we can drop that page once the whole journey is clearer. The other outstanding question is how we get from the matching workflow to the notification workflow. At the moment, if you download the matches the system auto-deletes them. However, I think the addition of the notification workflow means some users will want to download the matches, check they're happy with the proposed selections, and then send them. We should be able to meet this user need, while also continuing to delete matches where users are finishing their journey. We could:
|
We should discuss this – is there another issue on this yet or shall I create one? |
|
Needs a new issue I think. Would you mind creating one? |
|
New issue: #115 |
|
You beat me to it! |
Users should be able to use Notify to send the results out
Not in scope: other mailing platforms
The text was updated successfully, but these errors were encountered: