Customer data

You can include customer info in a deep link to help pre-fill fields required at payment.

When providing sensitive customer info, you must take steps to encrypt their data. Partners wishing to submit customer data through deep links will receive an encryption key.


The following customer parameters are accepted:

  • customer_email : The customer's email address.
  • customer_loyalty_number : The customer's loyalty program number (if any) as an alphanumeric string.
  • customer_name : The customer's first name.
  • customer_surname : The customer's last name.
  • promo_code : A code for discounts.

Encryption process

To properly encrypt customer data, take the following steps:

  1. Serialize the object.
  2. Encrypt the serialized object using the CTR-AES256 encryption algorithm and provided encryption key.
  3. URL encode the encrypted result.
  4. Add the result to the query using the msmCrypt parameter. We strongly recommend using this parameter with a destination parameter .

When the user reaches the payment page on the white label platform, their information will already be filled in:

Example of completed customer info

JavaScript libraries

We have developed a universal library for our partners which can be used with NodeJS or a basic JavaScript client.

We have also set up a full example which uses our library and builds a valid URL.

PHP class

We provide a PHP class for our partners which can be used to encrypt customer data:

class GoTuiDeepLinkDataEncrypter
	const AES_KEY = 'LI2wmCDSR-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';

	* TUI DX Data Sharing Specification 26.3.2022
	* 1. Serialize the object
	* 2. Encrypt the result using the AES-CTR 256 encrypt algorithm
	* @param JsonSerializable $deeplinkData

	public function encrypt(JsonSerializable $deeplinkData): string
		$plainText = json_encode($deeplinkData->jsonSerialize());

		$key = $this->base64url_decode(self::AES_KEY);

		$iv = str_repeat("\0", 16);

		$encrypted = openssl_encrypt($plainText, 'aes-256-ctr', $key, OPENSSL_RAW_DATA, $iv);

		$encrypted = utf8_encode($encrypted);

		return $this->encodeUriComponent($encrypted);

	private function base64url_decode(string $data): string
		return base64_decode(str_pad(strtr($data, '-_', '+/'), strlen($data) % 4, '=', STR_PAD_RIGHT));

	* see
	* @param string $str
	* @return string
	private function encodeUriComponent(string $str): string
		$search = ['%21', '%2A', '%28', '%29', '%27', '%7E', '%uFFFD'];

		$replace = ['!', '*', '(', ')', '\'', '~', '%EF%BF%BD'];

		$subject = rawurlencode($str);

		return str_replace($search, $replace, $subject);
Copyright © TUI Musement. All rights reserved.