How to Approve or Reject Quote without Logging In?

I just started using InvoicePlane. I am actually using it internally in our organization since I do ordering for different departments. I usually have emails going back and forth to get their approval to proceed with ordering. This would be perfect if I could send out a link to the department heads and have them just click on the link to approve or reject the quote. However I can’t seem to figure out how to make the system so that they don’t have to login in order to do that. We already have way too many passwords to remember. There is no need to have security tight internally.

Is this possible with InvoicePlane? If so, how can I do it?

I’m pretty sure you can send them the “Guest URL” and they can approve from there without a login

That is what I am talking about. When I send someone the guest URL, at the top it has buttons for Approve or Reject quote. When they click on either one, it then prompts them to login.

Very strange - I thought this worked, but just tested it myself and even the buttons aren’t there. No idea, sorry!

I’m also trying to find a workaround for this… Was this functionality recently removed?
If I try to accept/reject quotes I simply get the message “This account is not configured. Please
contact the system administrator.”

Related topics seem to suggest accepting / rejecting quotes via guest urls was still working
until recently. Does anyone know how one might work around having to create user accounts
for every client receiving a quote?

Thank you for the great software!

I added a new ticket for that.

Clients should indeed be able to approve/reject quotes without having to log in.

1 Like

Can anyone provide a hint as to where in the code this is likely to be occurring? The bug report (IP-547) is marked for fix in the next release, but doesn’t seem to have had anything done to it. If I know where I’m looking, I can compare my working 1.4x and test 1.5 environments. Basic checking fo the server logs hasn’t been productive.

I am happy to debug (based on the prebuilt packages) if someone can point me in the right direction. This is a critical feature, and if I can help get it resolved I will. I’d like to upgrade my own 1.4 system to 1.5, and this is the only thing preventing me from doing so.


for v1.5.3, look into:



Current logic is also poor design by the way, since links to approve are like /guest/quotes/reject/1 where 1 is the quote’s ID. Which means anyone can run a malicious cronjob and approve all your quotes from ID 1 to ID 9999999…
Having a key in the url to access the quote, but no key to approve/reject it, is non-sense.
Interestingly enough, there also is a function called approve_quote_by_key() instead of approve_quote_by_id() which makes me wonder why it’s been designed the worst way. Maybe because further in the code, there’s a function called email_quote_status() which requires the quotes ID as a parameter…

1 Like

Awesome work, Musa :). I’ve updated the code referenced in GitHub, and can confirm that this fixes the issue in 1.5.3.

I made these changes in my system, and it is working as well. HUGE thanks to Musa!