diff --git a/tests/py/test_payout_status.py b/tests/py/test_payout_status.py
index 24469c4ad6..b0ec19328e 100644
--- a/tests/py/test_payout_status.py
+++ b/tests/py/test_payout_status.py
@@ -23,10 +23,16 @@ def test_admin_can_change_status(self):
 assert response.code == 200
 assert Participant.from_username('alice').status_of_1_0_payout == status
- def test_user_cant_change_status(self):
+ def test_user_cant_change_status_except_for_applying(self):
+ self.db.run("UPDATE participants SET status_of_1_0_payout='pending-application' "
+ "WHERE username='alice'")
+
 response = self.hit('pending-payout', auth_as='alice')
 assert response.code == 403
- assert Participant.from_username('alice').status_of_1_0_payout == 'completed'
+ assert Participant.from_username('alice').status_of_1_0_payout == 'pending-application'
+
+ response = self.hit('pending-review', auth_as='alice', expecting_error=False)
+ assert Participant.from_username('alice').status_of_1_0_payout == 'pending-review'
 def test_invalid_is_400(self):
 response = self.hit('invalid_status')
diff --git a/www/1.0-payout.spt b/www/1.0-payout.spt
index a327c3a34f..d91585067e 100644
--- a/www/1.0-payout.spt
+++ b/www/1.0-payout.spt
@@ -49,7 +49,7 @@ applications_open = delta > 0
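Review bot: The renamed test never exercises the negative half of the rule it is named for — that a non-admin is refused the 'pending-review' transition when alice is in any state other than 'pending-application' — so a regression that drops the from-state comparison in the endpoint (letting, say, 'completed' move straight to 'pending-review') would still pass. After the last assertion, put alice back into another state (the removed assertion suggests the fixture default is 'completed') and add `response = self.hit('pending-review', auth_as='alice')` followed by `assert response.code == 403`. The second `self.hit('pending-review', ...)` call also discards its response; an explicit `assert response.code == 200` would pin the success path instead of relying on whatever `expecting_error=False` presumably checks inside `hit`.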
{{ _("You should be all set! But ... can you help us spread the word and tell your friends to check here, too? Thanks! :)") }}
{% elif status == 'pending-review' %} -{{ _( "You have applied for a payout. We are reviewing your account and will contact you at {b}{email}{_b} within the next week." +
{{ _( "You have applied for a payout. We will review your account and contact you at {b}{email}{_b} within the next week."
 , email=user.participant.email_address
 , b=''|safe
 , _b=''|safe
@@ -67,7 +67,7 @@ applications_open = delta > 0
{{ _("Your balance will be refunded to the original donors on October 8.") }}
{% elif applications_open %}
-
+{{ _( "You have until {b}October 1 at 11:59 PM UTC{_b} to apply for a payout."
 , balance=format_currency(balance, 'USD')
@@ -92,3 +92,20 @@ applications_open = delta > 0
 {% endif %}
 {% endif %}
 {% endblock %}
+
+{% block scripts %}
+
+{% endblock %}
diff --git a/www/~/%username/payout-status.spt b/www/~/%username/payout-status.spt
index d595b96f37..5ba4292d3d 100644
--- a/www/~/%username/payout-status.spt
+++ b/www/~/%username/payout-status.spt
@@ -10,11 +10,13 @@ workflow = ['too-little', 'pending-application', 'pending-review', 'rejected', '
 request.allow('POST')
 participant = get_participant(state, restrict=True)
+new_status = request.body['to']
-if not user.ADMIN:
- raise Response(403)
+from_to = (participant.status_of_1_0_payout, new_status)
+is_applying = from_to == ('pending-application', 'pending-review')
-new_status = request.body['to']
+if not (user.ADMIN or (user.participant == participant and is_applying):
+ raise Response(403)
 if new_status not in workflow: raise Response(400, "invalid value for 'to' parameter")
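Review bot: The new guard `if not (user.ADMIN or (user.participant == participant and is_applying):` opens two parentheses and closes only one as printed here, so the page's Python section would fail to compile and no request, admin or otherwise, could reach the 403 or the status update below; it should read `if not (user.ADMIN or (user.participant == participant and is_applying)):`. Separately, `new_status = request.body['to']` now runs before the authorization check, so a non-admin request that omits `to` no longer receives the 403 it got before but whatever error a missing body key raises; since `is_applying` needs the value, the smallest fix is to make that lookup tolerant of a missing key so the existing `new_status not in workflow` check turns it into the 400 while the 403 still fires first for unauthorized callers. The endpoint's remaining logic after the 400 check continues outside the hunk.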