Troubleshooting Guide: When One-Time Links Don’t Work

One-time links are designed to be reliable, but a few edge cases can get in the way. Use this guide to resolve issues quickly and help recipients regain access without compromising security.

Quick Diagnostic Checklist

1. Has the link already been opened? One-time means single view.
2. Has the 24-hour expiration window passed? Links auto-delete.
3. Is the recipient behind a strict firewall or proxy? Some networks block unknown domains.
4. Was client-side encryption enabled? The passphrase must match exactly.
5. Is the recipient using an outdated browser? Web Crypto requires modern engines.

Scenario 1: Link Shows “Already Viewed”

• Confirm whether the sender or recipient previously opened the link
• Review audit logs for timestamps and IP addresses
• Regenerate the secret and share a fresh link
• Educate the recipient on copying the link without prefetching (many chat apps generate previews)

Tip: Slack and Teams can unfurl links, triggering auto-destruction. Share the link inside code fences or disable previews in channel settings.

Scenario 2: Link Has Expired

• The sender can increase the expiration window up to 7 days using enterprise settings
• Consider scheduling secrets closer to the moment they are needed
• Automate alerts so recipients know a secret is about to expire (via Slack/Teams reminder)

Scenario 3: Recipient Sees “Unable to Decrypt”

• Ensure the passphrase matches exactly (case-sensitive)
• Check that the passphrase was sent out-of-band to avoid interception
• Ask the recipient to switch to a modern browser (Chrome, Edge, Firefox, Safari 15+)
• Confirm the organization’s security software isn’t stripping encrypted payloads

Scenario 4: Network Blocks CipherSend

• Provide your IT team with CipherSend’s allowlist: ciphersend.link, api.ciphersend.link, kv.ciphersend.link
• Advise recipients to test from a mobile hotspot to bypass corporate filters
• For regulated industries, offer the self-hosted deployment option

Scenario 5: Recipient Cannot Click the Link

Some messaging tools (or PDF attachments) break URLs. Workarounds:

• Use the “Copy URL” button in CipherSend and paste in plain text
• Send the link as a shortened deep link (CipherSend auto-generates a fallback short link)
• Share via QR code for internal teams scanning from mobile devices

Scenario 6: Automated Systems Accessing the Link

CI/CD systems or scanners might follow the link automatically, burning it before humans see it.

• Disable link unfurling in integration settings
• Provide separate machine-to-machine secrets via the CipherSend API with machineAccess: true
• Use conditional access: allow only whitelisted IPs or require passphrase entry

Incident Response Playbook

1. Document what the recipient experienced and the error message
2. Validate the secret was indeed destroyed (audit log)
3. Issue a new secret with a shorter lifetime and shared passphrase
4. Educate sender/recipient on preventing the issue recurring
5. Review whether automation can replace manual sharing

Prevention Checklist

• ✅ Disable link previews in communication tools used for secrets
• ✅ Share passphrases in a different channel than the link
• ✅ Use enterprise policies to pre-set expiration windows
• ✅ Leverage webhooks to confirm secret access in Slack or email

Need hands-on help?

Last updated: November 5, 2024 Reading time: 6 minutes