I need to enable customers to book appointments through a custom JavaScript calendar without requiring them to log in. My plan is to send each customer a link containing a unique token stored in Dynamics. This token will be validated against a URL parameter using Liquid. Consequently, I believe I need to set the entity permission for the tokens table to anonymous.
Additionally, some data will be fetched using Liquid.
Is there a more secure way to achieve this?
The main goal is to allow customers to book an appointment and leave a note without the need to log in.