Hi Abhishek,

It all depends on what you include in your link.

It is a usual practice to keep a GUID in the link. Save that GUID in your entity, add an expiry attribute in that entity so you can check if the link is expired. Add another attribute to store if this GUID is already used up (means user already clicked on it once).

Once expired, or the link clicked etc., you can either delete the record, or just display error message that the GUID is no longer valid.

So the user clicking it twice will see the appropriate error message. Make sure you invalidate the GUID only when your flow is successfully executed. Like if the user is required to reset password after clicking on link, you mark the GUID as invalid only after the password reset is completed once, not only on the click of link.

Make sure to use a GUID type value instead of human readable values like username, email, User ID etc in your link.