We need to figure out a way to make that foolproof so that no dev can make the mistake of sharing the same link that has permission to spend. 

Kinda like sharing an npub and not an nsec.