Seoxpert.io
Get started
Home/Docs

Client portals

Hand a client one read-only URL that always shows the latest scan for their domain. No login, no account, no PDF re-uploads — they refresh, they see fresh data.

Pro & Agency
Mint a portal linkSee plans

What a portal is

A client portal is a public URL — /portal/<token> — scoped to a single domain. When a visitor opens it, the page shows the most recent completed scanfor that domain. When you run a fresh scan tomorrow, the same URL shows the new results. The client doesn't need to bookmark a different link or get a new PDF every month.

The page is read-only — health score hero, finding categories, top issues, severity breakdown, mobile readiness, top problematic pages. No fix guidance (the agency interprets), no "copy to dev" buttons, no settings, no billing. It's a deliverable surface, not a self-service tool.

Portal vs share link — when to use which

Use caseUse this
Client wants to see this specific scan, frozen in timeShare link (per-scan; /share/<token>)
Client wants ongoing visibility — "show me the latest"Portal (per-domain)
Multiple agencies share the same prospect domainBoth safe; portal scopes to (workspace, rootUrl) so neither leaks the other's scans

How to mint one

  1. Open Client portals.
  2. Click New portal. Pick the domain (one of your registered domains), give it a label ("Acme Corp Q4"), and set an expiry — defaults to one year out, max one year, or hit No expiry for a link that lives until you revoke.
  3. Click Create portal. The full URL appears in the row — copy it and email to the client.

Auto-refresh while scans are in flight

If the client opens the portal mid-scan, the page polls for status every 10 seconds and re-renders as soon as the scan finishes. They don't need to manually refresh. Once the scan completes, polling stops.

Branding — Agency only

On Agency, the portal renders with your saved logo, accent colour, and footer (set in Settings → Branding). On Pro, it renders with Seoxpert defaults. The PDF download from the portal follows the same rule — the agency's brand on Agency, Seoxpert on Pro.

See White-label branding for what you can customise.

Security model

The token in the URL isthe secret. There's no separate password or login — possession of the URL grants access. UUIDs give 122 bits of entropy which is plenty for a defensively-shared link, but treat the URL like a password: don't paste it into public chat channels, don't commit it to a repo.

When you revoke a portal from the dashboard, the URL returns 404 immediately. There's no grace window.

Cross-workspace defence

The latest-scan lookup scopes by both workspace_id and root_url. If two different agencies happen to scan the same prospect domain, neither's portal accidentally surfaces the other's scans. The scoping happens server-side in the data fetch, not in a UI filter — so a token leak doesn't expose anything beyond what the agency configured for that token's domain.

Plan availability

Portals unlock on Pro and Agency. Solo consultants on Pro need them too — only the white-label cosmetics on the portal page itself are gated to Agency.