Lets say we have a webapp, where we deal with customers who need to self-sign up for a service or appointment.

The customer wants to send out an email, with a link in that says: "Click here to book"

How do I:

1. Craft the URL of the link, to include a key with their Email in to prevent re-use?
  • make a table of valid hashes that are each keyed to a user, send out the hash as part of the url obviously.

2. Craft a page in my website that "reads the URL" to look up that particular customer?
  • <crickets>

3. Prevent the magic URL in #2 from being used to spoof the system.

Is there a step by step for this somewhere?