Expensify.org is accepting proposals for new campaigns. Submit yours here by April 30th to receive up to $100,000 in funding for campaigns dismantling injustice related to: Climate, Homes, Hunger, Reentry, or Youth.

[Product Change] We’ve made secure receipt URLs the default for all policies

Matt MooreMatt Moore Expensify Customer, Expensify Success Coach - Admin, Expensify Team Posts: 111 Expensify Team
edited January 23 in Product Updates

In February 2020, we released a powerful security feature that allows admins to block company outsiders from accessing receipt image URLs unless they have an Expensify account with access to view the receipt in Expensify directly. 

In Policy settings, Public Receipt Visibility was previously enabled by default

To ensure that receipts are secure for all users who need them to be, we have disabled Public Receipt Visibility (as a default) for all policies. This will mean that receipts are only viewable by Expensify users who have access to view the receipt in the application. If a user sees this error:


Either they are not signed into Expensify, or a Policy Admin needs to grant access to this receipt image to the user.

How to grant receipt access to external parties:

  • Invite the user to your policy if they’re likely to submit expense claims in the future: 
  1. To invite a user into your policy, head to Settings > Policies > Group > [Policy Name] > People.
  2. Use one of the policy joining options to invite someone into your policy. 
  • Share the report with them using the Share button.
  1. To share a report, head to the report page and open the Details pane on the right side of the page.
  2. Click the sharing icon and add the user’s email.

Enabling Public Receipt visibility

To enable Public Receipt Visibility, head to Settings > Policies > Group > [Policy Name] > Expenses > Expense Basics.

Sign In or Register to comment.