OverviewAccount and sign upYour public profileBooking managementBooking requestsAvailability calendarCancellation protectionLocum directoryOrganisation managementInvoicingExpenses and mileageNHS Pension formsTax planningEarnings overviewAdvanced reportingPocketSmith integrationXero integrationIR35 for locumsAgency and PAYE trackingBecome a locum GPBecome a locum pharmacistBecome an agency nurseBecome a locum paramedicBecome a locum physiotherapistLocum tax calculatorHMRC mileage calculatorFree invoice templateLocum GP rates UKLocum pharmacist rates UKAgency nurse rates UKLocum paramedic rates UKLocum physio rates UKBilling and subscriptionsReferralsDocument storeCalendar syncNotification preferencesSupport ticketsREST APIData export and privacy
Help centre

Workplace access links

How practices interact with your invoices and bookings by email, and how you respond.

What a workplace access link is

Every invoice email and booking-confirmation email Sessional sends on your behalf carries a 30-day signed URL. The recipient (the practice finance contact, the rota manager, whoever) clicks through and sees a Sessional-branded page with the invoice or booking detail. No account creation, no login, no password. The URL itself is the authentication.

Invoice URLs end in /w/inv/<token>. Booking URLs end in /w/bkg/<token>.

What the practice can do from the link

From an invoice link:

  • View the invoice detail, including line items, total, payment reference, and any note you attached.
  • Mark paid. This does not flip the invoice to PAID automatically. It records that the practice claims they’ve paid, with an optional note (e.g. “BACS ref 824221, scheduled 3 May”). You get a signal on your dashboard; you check your bank and confirm or reject.
  • Raise a dispute with a short written reason. This pauses auto-chasers on the invoice and lands in your inbox for action.

From a booking link:

  • View the booking detail (date, times, rate, practice).
  • Raise a dispute — for example, if they never booked you for that date, or the detail is wrong.

How “Mark paid” actually works

Note

Practices press Mark Paid. You confirm. A practice clicking Mark Paid does not flip the invoice to PAID on your side. It records a claim. You check your bank, then tap Confirm receipt (invoice flips to PAID) or Reject (claim cleared, chasers resume).

The reason for this two-step is practical: practices are not Sessional users. Their finance team can make mistakes (wrong invoice, wrong amount, wrong reference). Auto-flipping the invoice to PAID would silently corrupt your tax reserve and your records.

When a practice submits a Mark Paid claim you’ll see an amber banner on that invoice row with:

  • The claim timestamp
  • Any note they included
  • Two buttons: “Yes, money has arrived — mark paid” and “Not arrived — dismiss claim”

How disputes work

A dispute from the practice does three things:

  • Creates an open dispute record on the invoice or booking
  • Flips the invoice to DISPUTED status, which pauses the auto-chaser cron so no more automated emails go out while the dispute is open
  • Sends you an in-app notification (visible on your inbox and the dashboard attention row)

You have two responses on the invoice banner:

  • Accept dispute: you’ll adjust and re-issue. Invoice stays DISPUTED until you void + re-issue manually.
  • Reject dispute: practice was wrong. Invoice transitions back to OVERDUE (if past due date) or ISSUED, and auto-chasers resume on the next threshold.

For booking disputes (separate model) the same flow applies — the main purpose is so a practice can flag “we didn’t book this” before the shift actually happens.

Revoking a link early

Every invoice in your dashboard has a small “Revoke workplace access link” button in the row footer. Click it if you need to kill the link early — for example, you sent the invoice to the wrong email address, or a finance contact has left the practice. The practice will see a “This link was withdrawn” page if they click the now-revoked URL.

You can restore a revoked link with the same button (it toggles).

Security model

Workplace links are HMAC-signed with a secret held only on Sessional’s servers. A recipient can’t forge a link or guess someone else’s. The signature includes the invoice/shift ID and an expiry; neither can be tampered with without invalidating the signature.

The link is unique to the email recipient in the sense that it’s only emailed to them. If they forward it, anyone with the URL can view the invoice and raise a dispute, but cannot access anything else about your account. Mark Paid and Raise Dispute are scoped to that single invoice or booking.

Frequently asked questions

How long does the link last?
30 days from the moment the email is sent. After that the recipient sees an expired page with a note to contact you for a fresh link. You can re-send the invoice at any time to regenerate.
Can I turn this feature off?
Not currently. The email itself still contains all the invoice detail; the link is an extra convenience for the practice. We may add an opt-out if there's demand.
Does the practice need to verify their email?
No. They click through from the email that already arrived at their address. We don't re-verify ownership because the email was already delivered to that address.
What if the practice marks paid but the money never arrives?
Press Reject on the paid-claim banner. The claim is cleared and auto-chasers resume on the next threshold (day 14, 21, or 28 past due, depending on where you are in the cycle).
What if the link is opened after I’ve marked the invoice paid manually?
The page detects the closed status and shows the invoice as Paid. Mark Paid and Raise Dispute buttons are hidden.

Related

Invoicing · Auto-chasers · Inbox