This is a comprehensive guide on why users lose access to inquiries, how to ensure your users always have access to their inquiries, and what types of inquiries to use for your integration scenario.
Persona’s Hosted Flow Integration requires sending an inquiry link to the end user. The Hosted Flow takes different parameters, which can affect the user’s access to their inquiry. Different parameters may be more appropriate based on your specific use case and requirements.
Persona’s SDKs (iOS Integration Guide, Android Integration Guide, Embedded Integration) do not require sending links, but use the same parameters to control inquiry creation and load.
If a user has started a flow and then exits for whatever reason, you will need to resume the inquiry for them when they try to regain access to it. Make an API call to resume the inquiry when they try to re-access it, and load both the inquiry-id and session-token parameters into the SDK.
Note: Depending on your business strategy, you may decide to create a new inquiry if the current one is on a previous version. Read more about that here.
Option 1: Send the user a static link but make sure to include an opaque (but unique) token as their reference ID. This will ensure that the user always has access to the link, but that all of their inquiries will be created on the same account.
e.g https://inquiry.withpersona.com/verify?inquiry-template-id=itmpl_123&reference_id=123-abc-456
Option 2: If you have information you need to securely pre-fill into the inquiry, you can create it via API and instruct the user in the email that they must complete the inquiry in one sitting.
In this scenario, we also recommend configuring a long expiration time in the template itself.
Another option you can utilize is to create a dedicated link and append the session token to it. This will allow you to both prefill values and ensure the user does not lose access. However, as including the session token in the link grants permanent access to the inquiry (until it expires) to anyone with the link, we recommend caution with this approach and recommend that you ensure these links are transmitted securely.
The above recommendations will also apply in this scenario! The added nuance with a B2B2C model is that your customers will be unable to hit the Persona endpoint themselves to resume inquiries. Your options are:
resume API endpoint for customers to hit whenever they need a new session token. This would call Persona’s resume endpoint in the backend.In either implementation, you will want to ensure you’re setting a practical inquiry expiration time.
When a dedicated inquiry is created, it’s pinned to the latest inquiry version. Having a dedicated inquiry be active for too long (months or more) may mean that users going through these inquiries going through outdated flows and configurations.
Keeping in mind the balance between outdated inquiries and user friction, you will want to work with your team to determine how long you want to keep an inquiry active for.
You can continue to resume the inquiry after its expired to get another session token to present the user, but you will likely want to check how old the inquiry is before you resume it, as a new inquiry version with updated logic may have been published. More information here.
We recommend against always making a call to resume the inquiry every time the user loads your app (instead of saving the session token), as you may run into API and inquiry session limits.