# Customer data

You can include customer info in a deep link to help pre-fill fields required at payment.

When providing sensitive customer info, you must take steps to encrypt their data. Partners wishing to submit customer data through deep links will receive an *encryption key*.

## Parameters

The following customer parameters are accepted:

* `customer_email`: The customer's email address.
* `customer_loyalty_number`: The customer's loyalty program number (if any) as an alphanumeric string.
* `customer_name`: The customer's first name.
* `customer_surname`: The customer's last name.
* `promo_code`: A code for discounts.


## Encryption process

To properly encrypt customer data, take the following steps:

1. Serialize the object.
2. Encrypt the serialized object using the [CTR-AES256 encryption algorithm](https://csrc.nist.gov/publications/detail/sp/800-38a/final) and provided encryption key.
3. URL encode the encrypted result.
4. Add the result to the query using the `msmCrypt` parameter. We strongly recommend using this parameter with a [destination parameter](/white-label/deep-link/destination).


When the user reaches the payment page on the white label platform, their information will already be filled in:

![Example of completed customer info](/assets/customer-data-checkout-form.b99557782c1523df34da0a8346f52ed4912c9e15abe7043b2bc0626de1ba2471.f0e1a66d.jpg)

## JavaScript libraries

We have developed a [universal library](https://github.com/musement/msm-crypto/) for our partners which can be used with NodeJS or a basic JavaScript client.

We have also set up a [full example](https://codesandbox.io/s/j14x4y2qmy) which uses our library and builds a valid URL.

## PHP class

We provide a PHP class for our partners which can be used to encrypt customer data:


```php
class GoTuiDeepLinkDataEncrypter
{
	const AES_KEY = 'LI2wmCDSR-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';

	/**
	* TUI DX Data Sharing Specification 26.3.2022
	* 1. Serialize the object
	* 2. Encrypt the result using the AES-CTR 256 encrypt algorithm
	*
	* @param JsonSerializable $deeplinkData
	*
	*/

	public function encrypt(JsonSerializable $deeplinkData): string
	{
		$plainText = json_encode($deeplinkData->jsonSerialize());

		$key = $this->base64url_decode(self::AES_KEY);

		$iv = str_repeat("\0", 16);

		$encrypted = openssl_encrypt($plainText, 'aes-256-ctr', $key, OPENSSL_RAW_DATA, $iv);

		$encrypted = utf8_encode($encrypted);

		return $this->encodeUriComponent($encrypted);
	}

	private function base64url_decode(string $data): string
	{
		return base64_decode(str_pad(strtr($data, '-_', '+/'), strlen($data) % 4, '=', STR_PAD_RIGHT));
	}

	/**
	* see http://www.rither.de/a/informatik/php-beispiele/strings/urls-encodieren-und-decodieren/
	*
	* @param string $str
	*
	* @return string
	*/
	private function encodeUriComponent(string $str): string
	{
		$search = ['%21', '%2A', '%28', '%29', '%27', '%7E', '%uFFFD'];

		$replace = ['!', '*', '(', ')', '\'', '~', '%EF%BF%BD'];

		$subject = rawurlencode($str);

		return str_replace($search, $replace, $subject);
	}
}
```