What are Checksum tokens and why do I need them?

Checksum tokens generate personalized links* that allow users to be identified when interacting with your website without logging in! When users click on a checksum link, they are directed towards a standalone profile, contribution or event page where any contact information already in the database will auto-populate. This saves your constituents the hassle of logging in and repetitively filling out contact information.

What else are checksum tokens good for?

  1. Ensure data integrity by making it impossible to duplicate an existing contact record or to overwrite another’s contact information where the same email is used for more than one contact.
  2. Can be used to limit event registration to a targeted group without the need to go through the time-consuming process of participant approval. 

*Important: 

  1. Checksum tokens are personalized links meant for the sole use by the intended recipient - include clear instruction in your communications that the checksum token should not be forwarded for use by someone else as this will result in the overwriting of the contact record for which the checksum token was generated

  2. Checksum tokens should only be sent to individual contacts, never to organizations - if you allow individual contacts to make online donations or renew membership on behalf of organizations, direct all communications with checksum tokens to the individual contact record that has a permissioned "Employee of/Employer of" relationship with that organization - if the information submitted is different from the existing information in the database, the system will know whether to update the individual's or the organization's contact record (to avoid duplicate membership renewals, there should only be one permissioned contact per organization)

  3. For security purposes, checksum tokens expire seven days from the time the email is sent - if a contact clicks on an expired checksum token, they will receive a browser error, so you’ll want to include this in your communications as well

Checksum tokens can only be generated for contacts who already exist in your database and are made up of two parts:

  1. The full URL of the component (i.e. standalone profile, contribution or event page, and petition) - these will vary by CMS
  2. Followed by the checksum token - these will vary by component

Find the Component URLs:

  • Contribution Pages
    1. Navigate to ContributionsManage Contribution Pages
    2. Click on the Configure hyperlink to the right-hand side of the contribution page in question and select Title and Settings
    3. Scroll to the very bottom of the page and copy the URL listed
  • Event Pages
    1. Navigate to Events Manage Event Pages
    2. Click on the Configure hyperlink to the right-hand side of the event in question and select Info and Settings
    3. Scroll to the very bottom of the page and copy the URL listed
  • Profiles
    1. Navigate to Administer Customize Data and Screens > Profiles
    2. Click on the More hyperlink to the right-hand side of the profile in question and select Use - Edit Mode
    3. Copy the URL from your browser
  • Petitions
    1. Navigate to Campaigns > Dashboard Petitions
    2. Click the More hyperlink to the right-hand side of the petition in question and select Sign
    3. Copy the URL from your browser

Include the Checksum Token per Component:

  • Checksum for Contribution Pages: Add the characters in bold after IDNUMBER (this is the ID of your contribution page listed as an integer as copied per the instructions above):
    • Drupal & Standalone+ Clients: http://example.org/civicrm/contribute/transact?reset=1&id=IDNUMBER&{contact.checksum}&cid={contact.contact_id}
    • Joomla!: http://example.org/index.php?option=com_civicrm&task=civicrm/contribute/transact&reset=1&id=IDNUMBER&{contact.checksum}&cid={contact.contact_id}
    • WordPress: http://example.org/?page=CiviCRM&q=civicrm/contribute/transact&reset=1&id=IDNUMBER&{contact.checksum}&cid={contact.contact_id}
  • Checksum for Standard Profiles: Add the characters in bold after IDNUMBER (this is the ID of your profile listed as an integer as copied per the instructions above):
    • Drupal & Standalone+ Clients: http://example.org/civicrm/profile/edit?reset=1&gid=IDNUMBER&{contact.checksum}&id={contact.contact_id}
    • Joomla!: http://example.org/index.php?option=com_civicrm&task=civicrm/profile/edit&reset=1&gid=IDNUMBER&{contact.checksum}&id={contact.contact_id}
    • WordPress: http://example.org/?page=CiviCRM&q=civicrm/profile/edit&reset=1&gid=IDNUMBER&{contact.checksum}&id={contact.contact_id}
  • Checksum for Event Registration Pages: Add the characters in bold after IDNUMBER (this is the ID of your event page listed as an integer as copied per the instructions above):
    • Drupal & Standalone+ Clients: http://example.org/civicrm/event/register?reset=1&id=IDNUMBER&{contact.checksum}&cid={contact.contact_id}
    • Joomla!: http://example.org/index.php?option=com_civicrm&task=civicrm/event/register&reset=1&id=IDNUMBER&{contact.checksum}&cid={contact.contact_id}
    • WordPress: http://example.org/?page=CiviCRM&q=civicrm/event/register&reset=1&id=IDNUMBER&{contact.checksum}&cid={contact.contact_id}
  • Checksum for Petition Signature Pages: Add the characters in bold after IDNUMBER (this is the ID of your petition listed as an integer as copied per the instructions above):
    • Drupal & Standalone+ Clients: http://example.org/civicrm/petition/sign?reset=1&sid=IDNUMBER&{contact.checksum}&cid={contact.contact_id}
    • Joomla!: http://example.org/index.php?option=com_civicrm&task=civicrm/petition/sign&reset=1&sid=IDNUMBER&{contact.checksum}&cid={contact.contact_id}
    • WordPress: http://example.org/?page=CiviCRM&q=civicrm/petition/sign&sid=IDNUMBER&reset=1&{contact.checksum}&cid={contact.contact_id}

Hyperlink the Checksum Token in an Email:

  1. Select the text or image that you want to display as a hyperlink
  2. Click the Hyperlink icon
    image
  3. Type or paste your link in the URL field, then click the OK button
    image

IMPORTANT:
Be sure to test the checksum token by sending yourself an email and clicking on the link in an "Incognito" window (i.e. without being signed into CiviCRM) - whatever information you have on your contact record should appear pre-filled in the profile.