Skip to main content
All traffic between Mention Me and your site is encrypted via HTTPS by default. Further encryption is only needed in specific cases — discuss your use case with your Client Success Manager before implementing.

Overview

If you pass personal data in a landing page URL or tag, you can encrypt it so intermediaries cannot read it. Mention Me uses the Sodium crypto library (libsodium) with XSalsa20 encryption. A shared secret key (64-character hex string) is exchanged between you and Mention Me. You use it to encrypt; we use it to decrypt. Without encryption, a referral link looks like: 
https://mention-me.com/me/referral/register/er/YOUR_PARTNER_CODE?email=test@example.com&firstname=John&surname=Smith
With encryption: 
https://mention-me.com/me/referral/register/er/YOUR_PARTNER_CODE?mm_e=923173becee4ec7b...9abe&nonce=11baf0cb9972615536256b13
Contact your onboarding manager to receive your encryption key.

Step-by-Step

1

URL-encode your parameters

Each parameter value must be URL-encoded first. For example, person@example.com becomes person%40example.com.
2

Build the query string

Concatenate all parameters with &:
email=person%40example.com&firstname=John&surname=Smith
3

Generate a nonce

Create a random 24-byte (48-character) hex-encoded nonce. This must be different each time.Example: 11baf0cb9972615536256b13b2981c1d3cc86508718af061
4

Encrypt with libsodium

Encrypt the query string using crypto_secretbox from the Sodium library with your shared key and the nonce. This produces a binary cipher text.Libraries are available for:
5

Hex-encode the output

Convert the binary encrypted output to a hex string.
6

Pass as mm_e parameter

Add the encrypted data and nonce to your tag or URL:
mm_e=<hex_encoded_ciphertext>&nonce=<hex_encoded_nonce>

Validation

Encryption must include a valid email address as one of the encrypted fields, otherwise the request will be rejected.

Example

Given:
  • Query string: email=person%40example.com&firstname=John&surname=Smith
  • Key: 1234567890123456789012345678901234567890123456789012345678901234
  • Nonce: 123456789012345678901234567890123456789012345678
The encrypted output would be: 
mm_e=923173becee4ec7bdcfb6820d1e77026adb54f66c6e00abbee470967b114f8653b3e17e906749214406ff8c1105f48f79a9634d11576c3284c2fbfaa4a281fbdd9b6e05dfb9abe&nonce=123456789012345678901234567890123456789012345678

In a referrer tag

Unencrypted: 
<script type="text/javascript"
  src="https://tag.mention-me.com/api/v2/referreroffer/YOUR_PARTNER_CODE?email=person@example.com&firstname=John&surname=Smith&order_number=253829&order_total=113&order_currency=GBP&situation=postpurchase">
</script>
Encrypted equivalent: 
<script type="text/javascript"
  src="https://tag.mention-me.com/api/v2/referreroffer/YOUR_PARTNER_CODE?mm_e=923173becee4ec7b...9abe&nonce=11baf0cb...f061&order_number=253829&order_total=113&order_currency=GBP&situation=postpurchase">
</script>
Non-personal parameters (order details, situation) can remain unencrypted alongside the mm_e parameter.
Last modified on March 25, 2026