Customer data

You can include customer info in a deep link to help pre-fill fields required at payment.

When providing sensitive customer info, you must take steps to encrypt their data. Partners wishing to submit customer data through deep links will receive an encryption key.


The following customer parameters are accepted:

  • customer_email : The customer's email address.
  • customer_loyalty_number : The customer's loyalty program number (if any) as an alphanumeric string.
  • customer_name : The customer's first name.
  • customer_surname : The customer's last name.
  • promo_code : A code for discounts.

Encryption process

To properly encrypt customer data, take the following steps:

  1. Serialize the object.
  2. Encrypt the serialized object using the CTR-AES256 encryption algorithm and provided encryption key.
  3. URL encode the encrypted result.
  4. Add the result to the query using the msmCrypt parameter. We strongly recommend using this parameter with a destination parameter .

When the user reaches the payment page on the white label platform, their information will already be filled in:

Example of completed customer info

JavaScript libraries

We have developed a universal library for our partners which can be used with NodeJS or a basic JavaScript client.

We have also set up a full example which uses our library and builds a valid URL.

PHP class

We provide a PHP class for our partners which can be used to encrypt customer data:

class GoTuiDeepLinkDataEncrypter
	const AES_KEY = 'LI2wmCDSR-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';

	* TUI DX Data Sharing Specification 26.3.2022
	* 1. Serialize the object
	* 2. Encrypt the result using the AES-CTR 256 encrypt algorithm
	* @param JsonSerializable $deeplinkData

	public function encrypt(JsonSerializable $deeplinkData): string
		$plainText = json_encode($deeplinkData->jsonSerialize());

		$key = $this->base64url_decode(self::AES_KEY);

		$iv = str_repeat("\0", 16);

		$encrypted = openssl_encrypt($plainText, 'aes-256-ctr', $key, OPENSSL_RAW_DATA, $iv);

		$encrypted = utf8_encode($encrypted);

		return $this->encodeUriComponent($encrypted);

	private function base64url_decode(string $data): string
		return base64_decode(str_pad(strtr($data, '-_', '+/'), strlen($data) % 4, '=', STR_PAD_RIGHT));

	* see
	* @param string $str
	* @return string
	private function encodeUriComponent(string $str): string
		$search = ['%21', '%2A', '%28', '%29', '%27', '%7E', '%uFFFD'];

		$replace = ['!', '*', '(', ')', '\'', '~', '%EF%BF%BD'];

		$subject = rawurlencode($str);

		return str_replace($search, $replace, $subject);

Encryption service

To support other programming languages, we have released an HTTP service which can encrypt customer data.

To use the service, first serialize the customer data and Base64 encode it.

Submit the encoded data using the m query parameter:


The response will contain the encrypted data, which you can URL encode and use for your deep link with the msmClient query parameter.

Copyright © TUI Musement. All rights reserved.