Skip to main content

Send Public Pledge Payment Links

Goal: Make it easy for a donor — even one who isn't logged into Ayuna — to pay an installment on their pledge from an email link.

  • A donor without an Ayuna account who paid their first installment by check and now wants to pay future ones online
  • A spouse / executor / family member paying on behalf of the original donor
  • A donor on the road who can't easily log in but wants to send a payment

For donors with an active account, the in-app pledge dashboard at /my-pledges/:pledgeId is more secure — they're authenticated and can see full pledge history.

How public pledge payment works

Each pledge has a public payment endpoint with a token-based URL of the form:

/pledges/pay/:pledgeId

When a donor clicks through, they see:

  • The pledge total and balance remaining
  • Next installment due and amount
  • A payment form (card or ACH)

They pay; the payment lands as a Donation tied to the pledge, the installment is marked paid, and a receipt is emailed.

Three ways to share:

  • One-off email — paste the link into a personal email when the donor asks to pay
  • Templated reminder — when sending a pledge reminder, include the link in the email body
  • From the donor profile — copy the link to clipboard from the pledge detail page

Security considerations

The token in the URL is the gate. Treat it like a checkout link:

  • Don't post in public channels (Slack, social, websites)
  • It's safe to send to the donor's known email
  • Regenerate the token if a leak is suspected — old links stop working

Giving the donor confidence

Donors paying through a public link want reassurance:

  • The page should be on your domain (Ayuna handles this) — it shouldn't redirect them somewhere unfamiliar
  • Affiliate name and pledge details should be visible before they enter card info
  • The receipt should arrive promptly so they have proof of payment

The page is designed to give all three. If a donor reports confusion, walk them through what they see — that's usually a UX issue we want to know about, not a real security concern.

What if someone else tries to pay

The token is tied to the pledge, not the donor's identity at click time. Anyone with the link can pay. If you receive a payment from an unexpected payer:

  • The Donation is recorded under the original pledge donor
  • Payment method shows the card used (which may belong to someone else)
  • A note from staff in the donation record clarifies who actually paid

This is rare and usually benign (a spouse or family member paying), but it's worth documenting when it happens.