But the question is:
Why can I, as an employee, open the customer centre via the link at the invoices without a password and not via the link at the top of the menu (see my screenshot at the beginning)?
As an employee/support person, I don’t know the customer’s password. Therefore, the call must work via the token, i.e. without entering the password for the employee/support staff. Otherwise the links don’t make any sense.
@david I believe the AP is sending the client_hash query param for both routes. Can you please check that it’s supported when using the contact.link URL.