Hi evalast
Sadly, the nonce checking is a WordPress built-in security measure used for Ajax requests and cannot be bypassed.
You can read about nonces here:
https://codex.wordpress.org/WordPress_Nonces
So, in summary, you cannot share this kind of URLs with another user. It cannot work.
That user should log in to your wp-admin and do it manually from there (if has permissions to do so).
But if you don't want them to log in to your site, this would need custom development.
FYI, we are going to include a client portal in the Purchase Orders Premium add-on. Where the suppliers will be able to change PO statuses, etc.
Best Regards,
Salva.