Do I need to use user logins, or can I password protect individual pages with just a password?

We are using Bubble to create a super basic order tracking portal for our customers. While I could create usernames and passwords for them, our preference would be to instead just send them a link directly to their order page, that when loaded, prompts them for a password to access it. We’d set the password for each order. Anyone with the URL and the password would be able to view the details, but the user should not be able to view any other order or page without the password to that page.

Is that possible to do in Bubble or do I need to use users with login? These are basic orders with not much details on them so security is not as much of a concern.

I was thinking having all elements possibly hidden on a page, or a solid shape over top of them, and then a password box on top of it, where the password is saved to a field on the current record. The user enters the password in the text box and presses Continue, and if the password matches, it hides the password box and makes the other elements visible, otherwise it says wrong password. That’s how I was picturing it working but maybe there’s other ways so wanted to check. Thanks!

Thanks for posting! This would be possible and your suggested method sounds like it would work well for that. I might further recommend using the password flow you described to then set a state, and hinging the visibility conditionality of the page elements on whether the state is set or not. That would also allow for further security of the visibility of the elements.

The last piece you might want to consider would just be making sure your privacy rules are set up so that the rest of the application is secure, which you may have already considered or done.

What you can do is-

Generate the order URL and save that link with the password in the database. So when the user enters the password, you can match it with the database.