# Interfaces
# Understanding interfaces
Interfaces allow access to the system with preset values for
- Wrapper
- Stylesheet
- Template
- Language
- User context
When accessing the interface the user is redireceted to the main page with the correct parameters set. In case the user context is active, a session with a matching user profile is also created i process.
The following types of record operations are allowed
- Create new records
- Update an existing record
### Create operations
Create operations require no additional security information and can be used directly.
URL for testing the interface:
http://\[server name\]/\[application\]/webinterface?\[interfacename\]
### Update operations
When updating an existing record a security token must be passed along to the interface:
- The right data is displayed for the user
- Bind user session to this piece of data
A security token contains
- a reference to the record
- a timestamp when the token was issued
- a signature that guarantees that the server issued the token
URL for testing the interface: http://\[server name\]/\[application\]/webinterface?\[interfacename\]=\[security token\]
Security tokens can be generated in various ways
- Create a status action that generates a notification
- Administrator tool: Designer > Modules > Admin Services > BuildSecuityToken
- Add the special "Token display" field to a solution
### Questionnaires and email invitations
Generation of security tokens are closely tied to the use of questionnaires and status actions.
The guide [Questionnaires](https://docs.tsnocode.com/books/entities/chapter/questionnaires "Tutorial/Questionaires") covers such an example.
# Using interfaces
Interfaces are access points for external users (someone using the system without a login).
For a more detailed description, please read: [Understanding interfaces](https://docs.tsnocode.com/books/entities/page/understanding-interfaces "Integration/Interface")
### Basic configuration
An interface has the following configuration options
- Interface URL
- Unique name of the service
- How should the interface behave
- Look and feel:
- Wrapper: "Outer" page design, possibly mimicing an existing website
- [Template](https://docs.tsnocode.com/books/templates/page/form-templates "Templates"): "Inner" page design
- Stylesheet: Color, font, styles etc.
- Language: Default language set on page
- [Use questionnaire](https://docs.tsnocode.com/books/entities/chapter/questionnaires "Tutorial/Questionaires"): Use multiple pages in stead of one big page
- What is the external user allowed to do
- Proxy user profile
- Allow UPDATE of existing records
- Allow INSERT of new records
Note that using and interface is no different than being a normal user: The external user will mimic the provided system user, and this user must have the appropiate permissions.
### Email tokens for access to existing records
A common usage is sending email tokens to external users.
Tokens will allow a certain user to update the content of a certain record. Usually these are tied together, where the email of the user is a field in the record.
Tokens contain a timestamp, so it is possible to invalidate the token after a specified amount of time
- **Token expiry**: Maximum allowed age of the token
Please not that tis use requires some additional configuration of the Status action that sends the emails.
### Other interface options
Control what happens after an update or insert operation
- **Succes message**: Displayed message (if not using questionnaire interface)
- **Failure message**: Displayed message (if not using questionnaire interface)
- **Redirect**: URL to send user to after updating/inserting their data
Extra security features
- **CAPTCHA**: User must take human test before using the interface (prevents robots from injecting data)
- **IP filter**: Specify which IP's are allowed to use the interface (prevent users from known problem countries)