Sending an email with a button that opens a link and passes hidden/sensitive parameters to prefill a form

Hi ​@Subin 

Help for how to format HTML A HREF tag: https://www.w3schools.com/tags/att_a_href.asp

Hey there ​@Subin 👋

You can use HTML as Troy mentioned to create a clickable button in an email, which links to prefilled form using URL parameters - assuming the form itself supports that method of prefilling of form fields, not all do.

Can you tell us a bit more about your use case though? Asking as the values used in the URL parameters would be visible to the user if they hovered over the button (and email scanners). If the data is sensitive, and you don’t want that exposed there might be a different way to capture it then update the form submission with it later. But it would depend on which form app you’re using and what sort of sensitive data you’re trying to pass. I’d be happy to help come up with some potential alternatives if you can share some more details here.

Looking forward to hearing from you!

​@SamB I am trying JotForm currently. ( However, my requirement is independent of the platform). JotForm has a feature /action in Zapier for my requirement, However it forces the user to register and login to Jotform platform first,  to fill in the form. That is not a very welcoming step and a deterrent for many people to take the test. Looks like this forced login is implemented at Jotform side.  I need to bypass that Forced login. Hence trying to send the mail through gmail ( rather than sending through Jotform Action).This achieves the same purpose; However data is send through GET / url parameter appending; These parameters( Name, mail and a UniqueCode) is visible to the user looking at the URL. Hence I am looking for a method( Like POST) where data/parameter is shown openely.

Thanks for sharing some further details here ​@Subin, much appreciated! 🤗

It sounds like you were wanting to use Jotform’s Assign Prefilled Form action which does allow hidden prefilling but like you said, it always forces the person to log into Jotform. As this is enforced on their side it can’t be bypassed via Zapier by using a POST Webhooks action.

Yes, prefilling a publicly accessible form using URL parameters will always expose the field values in the URL. Instead of prefilling you could provide a link to the form with no values prefilled, but this would mean that they’d have to enter those manually which isn’t ideal.

A better alternative might be to generate a form link with a unique ID for each email link, instead of prefilling the form with the Name, Email and UniqueCode, you’d store those details in Zapier Tables (or a different database or spreadsheet type of app) along with the corresponding unique email link ID. Then, prefill the form with that unique link ID, (you could remove the other fields for the Name, Email and UniqueCode as they wouldn’t need to fill those out). Jotform’s API doesn’t appear to have a way of updating an existing submission, but you could a have another Zap that runs when a new submission has been added in Jotform, then use a Find Records search action to look for the record using the unique email link ID to find the corresponding record, then update that record with the responses in the form submission. That would allow you to see the submission details from the person along with the sensitive details in a single place without the sensitive details being exposed to the person. Do you think that sort of approach could work for your needs here?