Say you've got something special, a chart, PDF or a video and you want to restrict access to it. You don't want to require an account setup and a login, but you want to make sure that someone fills in a form first, to get access.
If someone then copies that link and tries to share it, or post it in a forum somewhere, ideally it won't work, and people who try to access it will be directed to register for free access as well.
How do we build this in Webflow?
There are three approaches you could do to help deter abuse;
- IP-limit the URL ( e.g. only people from the same IP that enrolled can view this content page )
- time limit the URL ( e.g. accessible for 1 hour after enrolment )
- hit-limit the URL ( e.g. this page can only be viewed 3 times )
Depending on how much time you want to invest in that deterrent feature, you can use those in combination.
Of these, I favor IP-restriction, because it’s the cleanest and easiest to implement, and I think it offers the right capabilities in this scenario, unless it creates GDPR issues in your target market.
Unfortunately, if you’re wanting to build this in Webflow, it’s a bit involved, and will require custom coding, Airtable, and automation, working together. Features involving security tend to get complex quickly, but this is a pretty clean way to do it.
Scenario #1
For this scenario, we assume the user fills out the lead form, and then is immediately and seamlessly directed to the content page.
The basic parts you need are;
The form page
- Captures lead info
- Captures auth info, IP,
- Generates auth token
- Submits the auth & token to an automation to an automation Webhook, that inserts it into your Airtrable base
- Redirect, to your PDF page, e.g. /get-pdf?auth=39dd9019-b548-44ca-820d-cad1d6988e3e
The content page
- Starts with a “please wait” animation
- Uses a webhook endpoint to get your auth record from airtable, if it can find one. times out after 4 sec if not, and displays a “register to access this… click here to report a problem…” message.
- When the webhook returns with data, compare the IP, timestamp, etc to determine access
- People with access are shown the article, video, image, PDF, etc.
- People without access are redirected to a marketing page to sign up
Scenario #2 - Email verification
Another popular pattern, slightly more complex, is to email a password to the user. They then have to check their email to get that, and click that link or paste that ID into a new page.
The mechanism here is similar but the added email step lets you verify the email is real and point to them, if avoiding fake emails is important to you.