Blog

Building a Trustworthy Endorsements System (Without Accounts)

30 January 2026

As I built my digital CV, I wanted endorsements to be more than just flattering quotes. They needed to be credible, respectful to the people writing them, and trustworthy to anyone reading them. This post explores how I designed an accountless endorsements system that gives submitters real control, keeps edits transparent, and balances openness with moderation.

Endorsement emails illustration

When I started building my digital CV, I knew I did not want it to be a static document. I wanted it to be something living, something that reflected not just what I say about my work, but what it has been like to work with me.

That naturally led to the idea of endorsements being baked directly into the site, not screenshots, not copied quotes, but something native to the platform itself.

But endorsements come with a responsibility. If someone is kind enough to write something about working with you, that endorsement needs to be credible to the reader and respectful to the person who wrote it. Anything else risks becoming empty praise or, worse, something that undermines trust.

This post walks through how I designed my endorsements system, why I chose an accountless approach, and how I tried to balance credibility, transparency, and control for everyone involved.


The core design goal: trust through control

From the outset, the goal was simple. If someone submits an endorsement, they should remain in control of it.

That control covers a few important things:

  • What information is shown publicly
  • Whether the endorsement can be changed later
  • The ability to remove it entirely

At the same time, the system needs to protect the site itself from spam, misuse, and bad-faith submissions.

That meant designing something that supports:

  1. Submitter-controlled privacy choices
  2. Secure editing and deletion without forcing accounts
  3. Transparency when changes are made
  4. Moderation before anything goes public


Privacy first: letting the submitter choose what is public

An endorsement is more than just a block of text. It can include identity, context, and credibility signals, but not everyone is comfortable sharing all of that.

So when someone submits an endorsement, they can choose what appears publicly, such as:

  • Their name or a name-withheld option
  • Their company or project
  • A LinkedIn profile link, if they want

Nothing is mandatory beyond the endorsement itself. The aim is to let people be as visible or as private as they feel comfortable with.

Email addresses are never displayed publicly. They exist only to support verification and transparency workflows.


Accountless edits: secure self-service without user accounts

Endorsers are not users of the site, and I did not want to force anyone to create an account just to leave or manage an endorsement.

At the same time, they should be able to:

  • View what they submitted
  • Edit it later
  • Delete it completely

Relying on a single emailed link felt fragile. If that link is forwarded or leaked, control is lost.

Instead, the system uses a one-time passcode flow:

  • The submitter visits an endorsement management page
  • They request a one-time code
  • The code is sent to the email address on record
  • Only after entering the correct code can they edit or delete

This keeps ownership tied to the email address without introducing full accounts or long-lived access links.


Transparency on edits: if I change it, they should know

Even small edits to someone else’s words can feel uncomfortable if they happen silently.

So transparency is treated as a feature, not an afterthought.

If I make an admin edit, for example to fix a typo or improve clarity, the submitter receives an email that includes:

  • A clear note that an edit was made
  • A summary of what changed
  • A link to review and make further edits if they want

They do not need to take action if they are happy, but they are never left guessing.


Deleting an endorsement

People change their minds. Circumstances change. That needs to be respected.

If someone decides they no longer want their endorsement displayed, they can remove it themselves using the same secure verification flow.

No awkward emails. No delays. No justification required.

Verify, delete, done.


From my side: openness does not mean unmoderated

It would have been easy to auto-publish everything and call it a day. That would also have been irresponsible.

Endorsements affect credibility, so quality matters.

For that reason:

  • New submissions start in a pending state
  • Nothing appears publicly until approved
  • Basic anti-abuse measures are in place, such as rate limiting and honeypots
  • I review submissions before they become part of the site

This keeps the system open without sacrificing trust or legitimacy.


Credibility: endorsements should feel real, not anonymous noise

Anonymous praise can be nice, but context is what makes an endorsement convincing.

When a submitter chooses to include it, endorsements can show:

  • The relationship context, such as client or colleague
  • Role or title
  • Company or project
  • A LinkedIn link

None of this is required. All of it is opt-in. But when it is present, it helps the endorsement feel grounded and genuine rather than performative.


Why this matters to me

This feature is not really about endorsements. It is about designing a system that treats people properly.

  • Control over what is shared
  • Visibility when changes happen
  • Secure self-service without unnecessary friction
  • Moderation that protects credibility

If you are building anything that includes user-generated content, especially content tied to real people and real work, these patterns scale well.

Privacy, verification, transparency, and moderation are not extras. They are the foundation.