Encrypted Parameters: Security and Convenience for Your Giving Pages (Part 2 of 2)

At RaiseDonors, we’ve developed technology which allows you to pre-fill the donation page with your donor’s information in an encrypted and obfuscated way.

But how do you implement this incredibly secure tool to protect your organization and your donors?

That’s what we’re going to talk about in our article today.

Now, the following info is really for your IT staff, so please don’t get too stuck on the technical jargon here. In fact, you might just want to forward this article along to your web department or IT department to make sure that you have the most secure setup possible for your RaiseDonors pages.

When donor information is encrypted, malicious users (i.e., hackers) will have a difficult or even impossible task in trying to steal it.

To begin, I want to show you how to use URL parameters to delight your donors with pre-filled donation forms.

How to Set Up Pre-filled Donation Forms

Using URL Parameters

To get started with pre-filled donation forms, you need to know how to build URLs with multiple parameters.

For example, a link to customize the form’s amount, billing country, and comment would look like this:


It’s important to note the following:

  • the first parameter is prepended with “?”
  • all subsequent parameters are added to the URL with “&”
  • after each parameter place an “=” and then assign the value you would like prepopulated

Standard Parameters

The following list of parameters controls various configuration and layout options of the donation form. Nothing here is related to personally identifiable information (PII).

You are encouraged and able to use these parameters whenever needed without hesitation.

Donation Amount

Pre-populating the donation amount field can happen in a variety of ways depending on how the donation page is configured.

  • Donation page for a single fund: The “amt” parameter will pre-populate the amount text box.
  • Donation page for single fund (showing list of funds): The “amt” parameter will pre-populate the amount text box.
  • Donation page for multiple funds: The “amt” parameter will not work. Instead, you need to use a combination of “fund-amt” and the “fund-code” to build a parameter. This parameter determines which amount text box(es) will be pre-populated.

For example, let’s say you have a donation page setup to show 2 funds with these codes:


To build the parameter needed to pre-fill each fund on the donation form, you’ll need to follow this template:

fund-amt-{Fund Code}={Amount}

So if you want to prefill one fund with $50 and another with $75, the parameters would look like this:


So a link with billing country, comment, and donation amounts for 2 funds would look like this:


This would populate Sample Fund 1 with a gift of $50 and Sample Fund 2 with a gift of $75.

Pre-select recurring donation option

If a donation page is configured to allow recurring donations, using the “setrecurring=true” parameter will load the donation page with the recurring donation option checked by default. For example:


If the donation page is configured to only accept one-time donations, this parameter is ignored.

If the donation page is configured to only accept recurring donations, this parameter is ignored.

Fund Designation

You may pre-select, assign, or overwrite the fund designation on two types of donation pages:

  • Donation page for single fund
  • Donation page for single fund (showing list of funds)

You can pass the parameter “fund-code={your code}” to have a page load with the designated fund pre-selected or assigned to the page.  If the page already has a fund assigned to it in the Page Builder, the code you pass via the URL will overwrite that code.

For example, a URL that uses the fund code SampleCode would look like this:


Sensitive Parameters: Where the Threat Lies

The following parameters need special consideration because they are linked to your donor’s PII.

Remember, there are inherent risks and vulnerabilities when using these parameters.

| Field | Parameter |
| --- | --- |
| First Name | fname |
| Last Name | lname |
| Email Address | email |
| Phone Number | phone |
| Billing Address | billingaddress |
| Billing City | billingcity |
| Billing State | billingstate |
| Billing Postal / Zip Code | billingpostal |

Address Parameters

Domestic vs international addresses

These parameters are more advanced as RaiseDonors can also support international and military addresses.

If you specify billingcity, billingstate, and billingpostal — then billingcountry must also be specified.

The system will set up the form for an international address if the country provided is not the United States. The billingcountry determines how the address fields will be set up (i.e., international vs domestic).

You may specify billingaddress by itself.

United States

Below are valid values for the billing country to be considered “United States”.

  • US
  • USA
  • United States
  • United States of America

If the address is a United States address, the billingstate can be ISO2 or full text to be read by RaiseDonors (e.g., TX or Texas). RaiseDonors follows the USPS standard ISO2 and full text specification.

A full list of States and Territories found within the United States is provided by the United States Post Office. View the “state” drop down list from USPS for the complete list.


Canada

Below are valid values for the billing country to be considered “Canada”.

  • CA
  • CAN
  • Canada

If the address is a Canadian address, the billingstate can be ISO2 or full text to be read by RaiseDonors. The following is a list of valid Canadian provinces.

| Name | ISO 2 |
| --- | --- |
| British Columbia | BC |
| New Brunswick | NB |
| Newfoundland and Labrador | NL |
| Nova Scotia | NS |
| Northwest Territories | NT |
| Prince Edward Island | PE |

Military addresses

For military, the Country must be set to “United States” and the City must be one of the following:

  • APO
  • FPO
  • DPO

If the country is United States and there is a match on one of these cities, then the address fields will be set up for a military address.

Here’s an example. A link with donation amount, comment, and billing address:

https://raisedonors.com/{your-org}/{your-page-name}/?amt=150&comment=some-custom-provided-comment&billingAddress=123 Test St.&billingCity=some-city&billingState=TX&billingPostal=78737&billingCountry=USA

Using Encrypted Parameters

RaiseDonors provides a mechanism, encrypted parameters, to obfuscate and encrypt PII in the URL.

This approach is highly recommended when building URLs that pre-fill the form with the donor’s information.

This is how to use encrypted parameters to protect your donor’s sensitive information from hackers. (Again, this may be appropriate to share with your IT or web teams.)

| Field | Parameter |
| --- | --- |
| Encrypted Donor Information (PII) | rd-encrypted-pii |

You’ll need to download this template and fill it in with your donors’ information.

The columns in this CSV template are identical to the data points listed in the “Sensitive Parameters” table.

  • First Name
  • Last Name
  • Email Address
  • Phone Number
  • Billing Address
  • Billing City
  • Billing State
  • Billing Zip/Postal

You are not required to provide all of these parameters. The only requirement is that at least one column has a value for the donor. For instance, if all you have is the First Name, then the donation form will load with only the first name pre-populated.

Data to fill in the CSV can come from any source, and the information does not require a matching record in RaiseDonors.

If your goal is to acquire new donors, then it’s possible the majority of the donors in the CSV do not exist in RaiseDonors. That’s OK.

The donation page(s) will still pre-load with the supplied donor information. Load the completed CSV into RaiseDonors by logging into the RaiseDonors encryption tool.

Some things to know.

The encryption key is automatically set for you and is not visible to you.

This key is used to encrypt your donors’ PII. You are free to leave this key as-is forever.

Or, you can change the key as frequently as you wish. But doing so will prevent any previously generated URL from loading the donor’s information.

The donation page will continue to load and operate, but it will not be pre-populated with the donor’s information.

The expiration date is configurable and determines how long the encryption is valid for.

If you want the link to populate donor information on the page for the next 7 days only, you can set an expiration date for 7 days from now.

Up to that future point, the donation page will load with the donor’s information pre-populated.

After the expiration date, the donation page continues to operate, but will not pre-load any of the donor’s information.

Other parameters will continue to operate as expected.

If you have supplied any custom URL parameters (e.g., UTM_ codes) or any “Standard” parameters from RaiseDonors, those will continue to operate independently of the encryption settings.

How does all of this work together?

After you upload the CSV with all of your donors’ information, RaiseDonors will encrypt the data and email you a new CSV file with the encrypted data.

The file in the email will contain all of the original information you supplied, plus one new column. The new column is titled “rd-encrypted-pii”, and the value in each row is the encrypted representation of all of that donor’s information. The next steps will vary depending on your process and the email automation service you use. The fundamental concept is that you no longer want to build a URL that looks similar to:

?fname=Tom&lname=Jones&billingAddress=123 Test St.

Instead, you want to use the new encryption token, which provides the same functionality in a secure way and replaces all of the “sensitive” parameters.

Your new URL will look similar to:


That’s a really long URL!

Yes, and it’s also encrypted and secure. Whatever information you provided in the CSV for the donor will be loaded into the donation page when this URL is clicked, so long as the expiration time has not passed.

The URL parameter “rd-encrypted-pii” replaces ALL of the parameters listed in the “Sensitive Parameters” table.


Can I add other custom url parameters when using the encrypted PII parameter?

Absolutely. The parameter “rd-encrypted-pii” is just one of limitless tokens you can use. You can use any…

  • of the “Standard” parameters listed above
  • Google analytics parameters (ie: UTM codes)
  • custom parameters for your organization
  • parameters supplied by a 3rd party service

How do I update the encrypted parameter value if a donor’s information changes?

You’ll need to upload a fresh CSV to RaiseDonors with the current donor information and retrieve the email from RaiseDonors containing the new encrypted value.

Can I continue using “Sensitive” parameters without encryption?

Yes. However, RaiseDonors urges you to consider modifying your process to use the encrypted parameter and thus encrypt your donor’s PII.

Why aren’t other vendors doing this already?

We can’t answer why other systems don’t have solutions in place for this. But you should consider raising the question to them and see how they respond and what solutions they have.

Or better yet, just use RaiseDonors! 🙂

Isn’t this really complicated and overkill?

RaiseDonors has a process to continually monitor exposure and risk. We do this to protect you and your donors.

We strive to be leaders in the industry and informed of the ever changing threat index. But with a little extra effort on your part, you can ensure you are protecting your donor’s PII to the best of your abilities.

Is there a maximum number of parameters allowed in the URL?

Yes. It is not based on the number of parameters, but it is based on the number of characters in the URL.

The standard safety line is 2,000 characters. If the complete URL is less than 2,000 characters, you are good to go. However, the farther past 2,000 characters the URL goes, the less likely all of those parameters will be read by the browser.

This limitation is imposed differently across each browser and version of the browser.

RaiseDonors does have a built-in mechanism to contact you if a loaded donation page’s URL exceeds 2,000 characters.

However, please understand that it is not RaiseDonors’ responsibility to ensure the URL is less than 2,000 characters.
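A mail-merge helper that applies the rules above when turning the emailed CSV into links, added here as an example and not RaiseDonors code: it refuses any cleartext “Sensitive” parameter, uses the fund-amt-{Fund Code} template, appends “rd-encrypted-pii”, and rejects URLs at or over 2,000 characters. The organization and page names, fund codes, and token are constructed, and it assumes the token in the CSV is not already percent-encoded.

```python
import csv
import io
from urllib.parse import quote, urlencode

# Names from the "Sensitive Parameters" table; never send these in cleartext.
SENSITIVE = {"fname", "lname", "email", "phone", "billingaddress",
             "billingcity", "billingstate", "billingpostal"}
MAX_URL_LEN = 2000  # the safety line stated on this page
BASE_URL = "https://raisedonors.com/example-org/example-page/"  # constructed

# Constructed sample of the CSV that comes back by email (token is made up).
SAMPLE_CSV = "First Name,rd-encrypted-pii\nTom,CONSTRUCTED+TOKEN/abc=\n"

def build_link(base_url, token, fund_amounts=None, extra=None):
    """Build one donation link whose only donor data is the encrypted token."""
    extra = dict(extra or {})
    # Compare case-insensitively: the page writes both billingaddress and billingAddress.
    leaked = sorted(k for k in extra if k.lower() in SENSITIVE)
    if leaked:
        raise ValueError("cleartext PII parameter(s): " + ", ".join(leaked))
    if not token:
        raise ValueError("missing rd-encrypted-pii value")
    # Multi-fund pages use fund-amt-{Fund Code}={Amount} instead of amt.
    params = [(f"fund-amt-{code}", str(amt))
              for code, amt in (fund_amounts or {}).items()]
    params += list(extra.items())
    params.append(("rd-encrypted-pii", token))
    # Assumption: the token in the CSV is raw, so it is percent-encoded here.
    url = base_url + "?" + urlencode(params, quote_via=quote)
    if len(url) >= MAX_URL_LEN:
        raise ValueError(f"URL is {len(url)} characters, limit is {MAX_URL_LEN}")
    return url

def links_from_csv(csv_text, base_url, **options):
    """Return one link per CSV row, in row order."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [build_link(base_url, (row.get("rd-encrypted-pii") or "").strip(), **options)
            for row in rows]

if __name__ == "__main__":
    for link in links_from_csv(SAMPLE_CSV, BASE_URL,
                               fund_amounts={"FUND1": 50, "FUND2": 75},  # constructed codes
                               extra={"setrecurring": "true"}):
        print(link)
```

Running the check at merge time catches an over-length or PII-bearing link before it is sent, rather than after a donor clicks it.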

Security Is Worth It

Security comes at a price.

It will add a step to your IT and web organization process in creating donation pages, perhaps making it more complicated.

But thwarting all hackers from accessing your information is worth the effort and resources that you put into it!

With great flexibility comes responsibility. Leverage all of RaiseDonors’ cutting-edge security features to keep you and your donors safe from online attacks.