Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.mention-me.com/llms.txt

Use this file to discover all available pages before exploring further.

All traffic between Mention Me and your site is encrypted via HTTPS by default. Further encryption is only needed in specific cases — discuss your use case with your Client Success Manager before implementing.

Overview

If you pass personal data in a landing page URL or tag, you can encrypt it so intermediaries cannot read it. Mention Me uses the Sodium crypto library (libsodium) with XSalsa20 encryption. A shared secret key (64-character hex string) is exchanged between you and Mention Me. You use it to encrypt; we use it to decrypt. Without encryption, a referral link looks like: 
https://mention-me.com/me/referral/register/er/YOUR_PARTNER_CODE?email=test@example.com&firstname=John&surname=Smith
With encryption: 
https://mention-me.com/me/referral/register/er/YOUR_PARTNER_CODE?mm_e=923173becee4ec7b...9abe&nonce=11baf0cb9972615536256b13
Contact your onboarding manager to receive your encryption key.

Step-by-Step

1

URL-encode your parameters

Each parameter value must be URL-encoded first. For example, person@example.com becomes person%40example.com.
2

Build the query string

Concatenate all parameters with &:
email=person%40example.com&firstname=John&surname=Smith
3

Generate a nonce

Create a random 24-byte (48-character) hex-encoded nonce. This must be different each time.Example: 11baf0cb9972615536256b13b2981c1d3cc86508718af061
4

Encrypt with libsodium

Encrypt the query string using crypto_secretbox from the Sodium library with your shared key and the nonce. This produces a binary cipher text.Libraries are available for:
5

Hex-encode the output

Convert the binary encrypted output to a hex string.
6

Pass as mm_e parameter

Add the encrypted data and nonce to your tag or URL:
mm_e=<hex_encoded_ciphertext>&nonce=<hex_encoded_nonce>

Validation

Encryption must include a valid email address as one of the encrypted fields, otherwise the request will be rejected.

Example

Given:
  • Query string: email=person%40example.com&firstname=John&surname=Smith
  • Key: 1234567890123456789012345678901234567890123456789012345678901234
  • Nonce: 123456789012345678901234567890123456789012345678
The encrypted output would be: 
mm_e=923173becee4ec7bdcfb6820d1e77026adb54f66c6e00abbee470967b114f8653b3e17e906749214406ff8c1105f48f79a9634d11576c3284c2fbfaa4a281fbdd9b6e05dfb9abe&nonce=123456789012345678901234567890123456789012345678

In a referrer tag

Unencrypted: 
<script type="text/javascript"
  src="https://tag.mention-me.com/api/v2/referreroffer/YOUR_PARTNER_CODE?email=person@example.com&firstname=John&surname=Smith&order_number=253829&order_total=113&order_currency=GBP&situation=postpurchase">
</script>
Encrypted equivalent: 
<script type="text/javascript"
  src="https://tag.mention-me.com/api/v2/referreroffer/YOUR_PARTNER_CODE?mm_e=923173becee4ec7b...9abe&nonce=11baf0cb...f061&order_number=253829&order_total=113&order_currency=GBP&situation=postpurchase">
</script>
Non-personal parameters (order details, situation) can remain unencrypted alongside the mm_e parameter.
Last modified on April 17, 2026