Registration approval OR secret link


We have a running instance with >100 users, but i am struggling to set-up automated signup. It should be closed community, so registrations should either be a) approved manually (works perfectly) OR b) done through a secret magic link and then automatically be approved (does not work).

We currently have a) but but also like to have option b) is this doable? I get an error message when I setup and try to access the secret URL Do both methods work in parallel or are they mutually exclusive? Are there good alternatives?
The Invites to a channel only work for existing accounts and not for creating new ones, right?

Server Setup Information

  • Version of Rocket.Chat Server: 4.4.2

Any additional Information


This feature may be broken for the version you are at.

Check this issue for a discussion about it:

It was reported to be fixed in v4.6.1

Let me know if this helps.


Thanks for pointing this out! I’ll ask the colleagues for an update!

However, I find the documentation a bit slim on this point.
Would it work as desired after an upgrade? Can users that use this secret link automatically be approved as desired or would this rather move the currently public registration form (that requires manual approval) to a secret URL (still requiring manual approval).

Ideally, I would like to have both: A public form requiring approval and a hidden form or secret key where the accounts automagically get approved and the admins only get a notification.

It will not work as you want.

If you change the registration form to secret url, and set to Manually Approve New Users, it will always request approval.

Even when using the invite functionality.

However… you can leverage the invite feature and create a routine script, that will query for the users API, filtering by not active, that has a specific inviteToken, and activate them.

Something like this:

curl --request GET \
  --url 'http://localhost:3000/api/v1/users.list?fields=%7B%22inviteToken%22%3A%201%7D&sort=%7B%22createdAt%22%3A%20-1%7D&query=%7B%20%22active%22%3A%20false%20%7D' \
  --header 'X-Auth-Token: VUW7qbYoLg2R1oQDJdURVnFt-fzsTnXXV-3YRcMlVWs' \
  --header 'X-User-Id: 3nfjxWv54eHybZtY2'

or, decoded url:
http://localhost:3000/api/v1/users.list?fields={"inviteToken": 1}&sort={"createdAt": -1}&query={ "active": false }

So if the user has the inviteToken, it means it came from that specific invite url you want to auto approve, and you can activate it also using another API endpoint.

Let me know if this helps!