How to Create a Link That Expires After First View

You need to send someone a password, an API key, a set of instructions, or any piece of sensitive information. You want them to see it once, and then it should vanish. No copies floating around in email inboxes. No link that can be revisited days later. Once viewed, it is gone.

This is what one-time links do. They self-destruct after the first view, ensuring that the information is accessible exactly once.

Why One-Time Links Matter

Every persistent link is a potential security risk. Consider what happens when you send a password through a regular link or message:

• The message sits in the recipient's inbox (and yours) indefinitely
• Anyone who gains access to either inbox can see the password
• The message can be forwarded, screenshotted, or copied
• Search functions in email and chat apps make old messages easy to find
• Even "deleted" messages may persist in backups and server logs

A one-time link eliminates the persistence problem. After the recipient views the content, the link becomes permanently invalid. If someone tries to access it later — whether through a compromised inbox, a forwarded email, or a leaked URL — they get nothing.

Common Use Cases

Sharing Passwords

When you need to send a Wi-Fi password, a shared account login, or a temporary access code. The recipient sees the password once and saves it. The link is no longer accessible.

Sending API Keys and Tokens

Developers frequently need to share API keys, webhook secrets, or authentication tokens. A one-time link prevents these credentials from sitting in Slack channels or email threads where anyone on the team can find them later.

Confidential Instructions

One-time instructions for accessing a secure facility, a private event location, or a confidential meeting room. The recipient reads the instructions, and they disappear.

Surprise Reveals

Gender reveals, surprise party details, gift information — anything where you want the recipient to experience the content once without the ability to share the link with others.

Temporary Access Credentials

IT departments onboarding new employees often need to share initial login credentials. A one-time link ensures the credentials are accessed once during onboarding and then no longer exist in any shared medium.

Step-by-Step: Creating a One-Time Link on LOCK.PUB

LOCK.PUB supports one-time links for all content types. Here is how to create one:

For Text Secrets (Passwords, Keys, Instructions)

Step 1: Select Memo Go to lock.pub and select the Memo content type.

Step 2: Enter Your Content Type or paste the sensitive information. This could be a password, an API key, a set of instructions, or any text you want to share once.

Step 3: Set a Password Choose a strong password. The recipient will need this to access the memo. This adds a second layer of protection — even if someone intercepts the link, they cannot access the content without the password.

Step 4: Enable One-Time View Set the view limit to 1. This ensures the content is permanently deleted after it is viewed once.

Step 5: Set a Time-Based Expiration (Optional) Add a time-based expiration as a safety net. If the recipient does not view the link within, say, 24 hours, it expires automatically. This prevents a forgotten link from sitting active indefinitely.

Step 6: Generate and Share Copy the generated link and send it to the recipient. Send the password through a separate channel.

For URL Redirects

Step 1: Select Link Select the Link content type.

Step 2: Enter the Destination URL Paste the URL you want to protect. This could be a Google Drive link, a private website, or any URL.

Step 3: Set Password and One-Time View Configure the password and set the view limit to 1. After the first person enters the correct password and is redirected, the link becomes permanently inactive.

Step 4: Share Send the link through one channel and the password through another.

How One-Time Links Work Technically

Understanding the mechanism helps you trust the security:

1. Content storage — The content (text, URL, etc.) is stored on the server, protected by the password
2. View counter — The server tracks how many times the content has been accessed with the correct password
3. Threshold check — When the view count reaches the limit (1 for one-time links), the content is permanently deleted from the server
4. Subsequent requests — Any future attempts to access the link return a "content not found" or "link expired" message
5. No recovery — Once deleted, the content cannot be recovered by anyone, including the service provider

Comparison: One-Time Link Tools

Feature	LOCK.PUB	OneTimeSecret	PrivNote	Password.link
One-time view	Yes	Yes	Yes	Yes
Password protection	Yes	Yes	No	Yes
Time-based expiration + view limit	Yes (both)	Time only	First view only	Time only
Multiple content types	9 types	Text only	Text only	Text only
Custom view count (2, 3, 5)	Yes	No	No	No
Read confirmation / analytics	Yes (Pro)	No	Email notification	No
Multi-language	12 languages	No	No	No
Free tier	Yes	Yes	Yes	Yes

One advantage of LOCK.PUB over other one-time link tools is the ability to set custom view counts. Instead of strictly one-time, you can set the limit to 2 views (useful when you want to verify the content yourself before sending) or 5 views (when sharing with a small group).

Best Practices for One-Time Links

1. Always Add Password Protection

A one-time link without a password means anyone who intercepts the link can read it first. The intended recipient then gets a "link expired" message and never sees the content. Always set a password and share it separately.

2. Combine Time Expiration with View Limits

Set both a view limit and a time-based expiration. For example: self-destruct after 1 view OR after 24 hours, whichever comes first. This covers the scenario where the recipient never opens the link.

3. Verify the Recipient Received the Content

After sharing a one-time link, confirm with the recipient that they successfully accessed it. If they report the link was already expired, someone else may have viewed it first — a potential security concern.

4. Use Descriptive But Non-Revealing Link Text

When sharing the link in a message, do not write "Here is the admin password for the production server." Instead, write "Here is the information we discussed." Keep the context minimal in the message itself.

5. Do Not Rely on One-Time Links Alone

One-time links prevent persistent access, but they do not prevent the recipient from copying, screenshotting, or writing down the content during that single view. For maximum security, combine one-time links with verbal confirmation and credential rotation.

Common Mistakes to Avoid

Sending the Link and Password Together

If you email the link and include the password in the same email, a compromised inbox exposes everything. Always use separate channels.

Setting No Time Expiration

A one-time link that never expires (only destroyed on view) can sit active for months if the recipient forgets about it. Always add a time-based expiration as a fallback.

Sharing One-Time Links in Group Chats

If you post a one-time link in a Slack channel or group chat, the first person who clicks it consumes the view. Everyone else gets nothing. For group sharing, set the view count to match the number of recipients, or create individual links for each person.

Not Verifying Access

If you do not confirm that the right person accessed the content, you have no way of knowing whether the link was intercepted. Always follow up.

The Bottom Line

One-time links are the simplest way to share sensitive information without leaving a permanent digital trail. The content exists for exactly one viewing and then disappears from both the link and the server.

Create your first one-time link at lock.pub — it takes less than 30 seconds, and the content vanishes after the first view.