Vrge

Client Portals (Sharing with Your Clients)

Client portals let you send a link to a specific client so they can see their project status, review deliverables, and check their invoices — all without creating a Vrge account. They open the link in any browser (Chrome, Safari, Edge) and see a read-mostly page scoped to just their data.

Portal sharing is a Team-tier feature. It requires the self-hosted server to be running and reachable from the internet, because your client's browser needs somewhere to connect to. Solo mode hides the Share button accordingly.

Prerequisites

  • Team tier license (Starter, Studio, or Agency) — the self-hosted server is the only piece that can serve portal pages to people outside your network.
  • Server running on a public domain with HTTPS — e.g. your-agency.com pointed at your team server via your reverse proxy (nginx/Caddy/Cloudflare Tunnel/etc.). Clients won't trust a raw IP or http:// link from a service provider.
  • (Optional) the White-Label Portal add-on ($49 one-time) — replaces Vrge's logo and colors on the portal pages with yours. Portal sharing works without it; the add-on is purely cosmetic.

Creating a portal link for a client

  1. Open the client's detail page in Vrge (Clients → click the client).
  2. Scroll to the Client Portal section and click Share Portal.
  3. Pick an expiration: 7 days, 30 days, 90 days, or never. Shorter windows are better for one-off approvals; longer for retainer relationships where you want the same link to work throughout the engagement.
  4. Click Copy link. You'll get a URL that looks like https://your-agency.com/#/portal/a7f3...92bc.
  5. Email that link (or drop it in a DM, Slack, whatever) to your client. Each link is scoped to only that one client's data — you can reuse the same link with different people on the client's team, or create separate links per person if you prefer.

What your client sees

  • Their project list with progress bars, status, and deadlines.
  • Deliverables awaiting their approval — they can click Approve or Request revision directly from the portal, and the status updates in your Vrge app in real time.
  • Invoices for their account: invoice number, amount, due date, paid/unpaid state. They can see everything they need to pay without logging in to a separate billing tool.
  • A recent activity feed (last 20 items) so they can see what's moved since they last looked.

What your client cannot see

  • Any other client's data — portal links are scoped to one client.
  • The client's own email, phone, or private notes — those stay internal to your team.
  • Project budgets, your time entries, or internal comments — the portal is intentionally a curated view, not a raw data dump.
  • Anything that would let them edit projects, add tasks, or otherwise change your data beyond approving deliverables on work you explicitly shared with them.

Revoking a link

Open the client's Client Portal section again and click Revoke next to the link you want to kill. The link stops working immediately — the next time your client refreshes, they see an “invalid or revoked” message. Useful when an engagement ends, a contact leaves their company, or you sent the link to the wrong address.

Custom domain (e.g. portal.your-agency.com)

Since you self-host the team server, you already control the domain it runs on. To send portal links from a dedicated subdomain like portal.your-agency.com, add a DNS A/CNAME record pointing at your server's public IP and configure your reverse proxy to route that hostname to the team server. Generated portal links will then automatically use the domain the app is served from. There is no Vrge setting to flip — whatever hostname serves the app is the hostname in every new portal link.

Safety rails (already built in)

  • Rate-limited. Public portal URLs accept at most 60 page loads and 20 approve/revision clicks per minute per IP. Protects against accidental loops and anyone fishing for valid tokens.
  • Revoke-safe approvals. If you revoke a link at exactly the moment your client is clicking “Approve,” the approval is blocked — the server re-checks the token inside the same database transaction as the write. No stale “approved-after-revoke” rows.
  • Expiry is server-side. Your client's laptop clock being wrong doesn't matter — the server is the authority. An expired link is expired everywhere.
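
The revoke-safe approval and server-side expiry checks described above, sketched as an added example (this is not Vrge's own code). The table layout, column names and function names are assumptions, SQLite stands in for whatever database the team server uses, and the sample rows are constructed.

```python
import sqlite3

def make_db():
    conn = sqlite3.connect(":memory:", isolation_level=None)  # explicit BEGIN/COMMIT
    conn.executescript("""
        CREATE TABLE portal_links (token TEXT PRIMARY KEY, client_id INTEGER,
                                   expires_at INTEGER, revoked INTEGER DEFAULT 0);
        CREATE TABLE deliverables (id INTEGER PRIMARY KEY, client_id INTEGER,
                                   status TEXT DEFAULT 'awaiting_approval');
    """)
    return conn

def revoke(conn, token):
    conn.execute("UPDATE portal_links SET revoked = 1 WHERE token = ?", (token,))

def approve(conn, token, deliverable_id, now):
    """Approve only if the link is live when the write happens; now = server clock."""
    conn.execute("BEGIN IMMEDIATE")  # take the write lock before reading the token
    try:
        link = conn.execute(
            "SELECT client_id FROM portal_links WHERE token = ? AND revoked = 0"
            " AND (expires_at IS NULL OR expires_at > ?)",  # NULL = never expires
            (token, now)).fetchone()
        changed = 0
        if link is not None:
            changed = conn.execute(
                "UPDATE deliverables SET status = 'approved' WHERE id = ?"
                " AND client_id = ? AND status = 'awaiting_approval'",
                (deliverable_id, link[0])).rowcount  # scoped to the link's client
        conn.execute("COMMIT" if changed == 1 else "ROLLBACK")
        return changed == 1
    except Exception:
        if conn.in_transaction:
            conn.execute("ROLLBACK")
        raise

def demo():
    # Constructed sample data: one link for client 1, expiring at t=2000.
    conn, tok = make_db(), "constructed-sample-token"
    conn.execute("INSERT INTO portal_links (token, client_id, expires_at)"
                 " VALUES (?, 1, 2000)", (tok,))
    conn.executemany("INSERT INTO deliverables (id, client_id) VALUES (?, ?)",
                     [(1, 1), (2, 2), (3, 1)])
    results = [approve(conn, tok, 1, 1000), approve(conn, tok, 2, 1000),
               approve(conn, tok, 3, 3000)]
    revoke(conn, tok)
    return results + [approve(conn, tok, 3, 1000)]
```

Because the token lookup and the status update share one transaction that already holds the write lock, a revoke either lands before the lookup (approval refused) or after the commit; it cannot slip in between the check and the write.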