secured link with expiry date, to be emailed for instance, like "activate your account"
this is also used as a token
the idea is that the info required (account number, email whatever) is saved on the server side and given a unique ID/hash which is emailed.
update status as done - you should purge these entries every now and then
NOTE this will not delete it, because they may still need to be verified
invoke this only once - create the link, persist it and make a unique URL
this must be a def - otherwise it keeps creating it, eh?
verify that this should still be done - use the "SecLinkId" header to verify