Send pass links in Email Studio

Generate authenticated Wallet Crew pass links in Salesforce Marketing Cloud Email Studio with AMPscript.

Email Studio can distribute authenticated links that open the right The Wallet Crew page for each contact. This is the standard pattern for pass download, reminder, and reactivation emails.

Complete Setup before building the content block.

Real-world examples

A welcome email gives a new loyalty member direct access to the pass page.
A reminder email targets contacts who still did not install the pass.
A reactivation email opens the pass page without a separate sign-in step.

How pass links work in Email Studio

The link is a JWT signed in Salesforce Marketing Cloud. The payload carries a customer identifier known by The Wallet Crew.

When the email is opened, The Wallet Crew verifies the token and resolves the right customer context.

Build the AMPscript block

The example below signs a token with the contact email.

AMPscript example

%%[
    var @tenant, @keyId, @json, @jwt, @email, @host
    var @epochStart, @expirationDate, @secondsSinceEpoch, @secondsToEnd

    set @keyId = '0000-00000000-0000000000-0000'
    set @tenant = 'xxx'
    set @email = Email
    set @host = 'https://app.thewalletcrew.io'

    set @epochStart = DateParse('1970/01/01 00:00AM')
    set @expirationDate = DateAdd(Now(), '3', 'Y')
    set @secondsSinceEpoch = Multiply(DateDiff(@epochStart, Now(), 'MI'), 60)
    set @secondsToEnd = Multiply(DateDiff(@epochStart, @expirationDate, 'MI'), 60)

    set @json = '{
        "email":"@email",
        "nbf": @secondsSinceEpoch,
        "exp": @secondsToEnd,
        "iat": @secondsSinceEpoch,
        "iss": "neostore.cloud",
        "aud": "@tenant"
    }'

    set @json = Replace(@json, '@secondsSinceEpoch', @secondsSinceEpoch)
    set @json = Replace(@json, '@secondsToEnd', @secondsToEnd)
    set @json = Replace(@json, '@tenant', @tenant)
    set @json = Replace(@json, '@email', @email)

    set @jwt = GetJWTByKeyName(@keyId, 'HS256', @json)
    set @link = Concat(@host, '/', @tenant, '/pass?neo.authToken=', @jwt)
]%%

Use the Salesforce Marketing Cloud external key value created during Setup as @keyId.

Use the The Wallet Crew tenant identifier as @tenant.

Use the tenant custom domain as @host when a custom domain is configured.

Use another identifier when needed

Email is not the only supported identifier. Any external identifier already known by The Wallet Crew can be used.

For example, a Cegid Y2 customer identifier can replace the email claim.

Payload claim example

"https://neostore.cloud/customer/identifiers:id.y2.customerId":"@customerId"

@customerId is the Salesforce Marketing Cloud field that stores the Y2 identifier.

Insert the link into content

Once @link is generated, Content Builder can attach it to a text link, image, or button.

A minimal example looks like this.

Email content snippet

%%[
  /* Insert the AMPscript block above */
]%%

<a href="%%=RedirectTo(@link)=%%">Open the pass page</a>

The same link can be reused in an email block, a reusable snippet, or an SMS message when the channel supports dynamic URLs.

Preview and validate

Validation should happen in Content Builder before the block is used in production.

Preview with a known contact

Use a test contact with a known identifier and render the content.

Check the generated URL

Confirm the rendered URL contains a non-empty neo.authToken value.

Open the link on a test device

Confirm the expected The Wallet Crew page opens for the correct customer.

Troubleshooting

The link renders, but the token is empty

Check the source field used in AMPscript.

For email-based links, confirm the contact record exposes a usable Email value.

The link is rejected by The Wallet Crew

Confirm the Salesforce Marketing Cloud symmetric key matches the The Wallet Crew secret configured during Setup.

The wrong customer context opens

Check the identifier used in the JWT payload.

The safest pattern is a stable external identifier already stored in The Wallet Crew.

FAQ

Is email the only supported identifier?

No. Any identifier already known by The Wallet Crew can be used.

Email is only the most common starting point.

Should the link point to the platform domain or a custom domain?

Use the tenant custom domain when one is configured.

Otherwise, use the default The Wallet Crew platform domain.

Can the same link be reused in SMS?

Yes, when the Salesforce Marketing Cloud channel supports dynamic URL rendering.

The same authenticated link pattern can be reused outside Email Studio.

Last updated 1 month ago

hashtagHow pass links work in Email Studio

hashtagBuild the AMPscript block

hashtagUse another identifier when needed

hashtagInsert the link into content

hashtagPreview and validate

hashtagPreview with a known contact

hashtagCheck the generated URL

hashtagOpen the link on a test device

hashtagTroubleshooting

hashtagThe link renders, but the token is empty

hashtagThe link is rejected by The Wallet Crew

hashtagThe wrong customer context opens

hashtagFAQ