Params Encryption

For additional security, it is possible to encrypt Advocate, Friend, and Loyalty member email, as well as Custom User Data on back-end. This can be done by using 2048-bit key generated by Talkable for your site. So, instead of sending params in plain text, you can send them encrypted.

Site public encryption key

To get your unique site public encryption key, go to All Site Settings → Integrations → API integration → Public encryption key for email addresses.

Passing email as a GET parameter to Standalone Campaign

Also it’s possible to pass encrypted email as a GET parameter (e.g. for CTA links that point to standalone invite page). But to do that encrypted email should be URL-encoded.

Ruby Example

require 'openssl'
require 'base64'

def key
  @key ||= begin
    key_content ='talkable_your_site_slug_public_key.pem')

def encode_param_for_talkable(param)
  encrypted_param = key.public_encrypt(param)

puts encode_param_for_talkable("")

Java Example

This example uses Bouncy Castle library and has been tested on:

  • bcprov-jdk15on-156.jar (Provider)

  • bcpkix-jdk15on-156.jar (PKIX/CMS/EAC/PKCS/OCSP/TSP/OPENSSL)

that can be downloaded from Bouncy Castle Latest Releases.


Please note that loading a Security Provider and a key into memory takes more time than encrypting. So it is recommended to store the key in memory instead of loading it each time to avoid performance overhead.

import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import java.util.Base64;

import org.bouncycastle.asn1.x509.SubjectPublicKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;

public class EncryptionDemo {
    static class ParamEncryptor {
        private Cipher cipher;
        private Key publicKey;

        private void initPublicKey() throws IOException {
            PEMParser pemParser = new PEMParser(new FileReader("talkable_your_site_slug_public_key.pem"));
            JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
            SubjectPublicKeyInfo publicKeyInfo = (SubjectPublicKeyInfo) pemParser.readObject();
            publicKey = converter.getPublicKey(publicKeyInfo);

        private void initCipher() throws GeneralSecurityException {
            cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "BC");
            cipher.init(Cipher.ENCRYPT_MODE, publicKey);

        public ParamEncryptor() throws IOException, GeneralSecurityException {

        public String encryptParam(String param) throws BadPaddingException, IllegalBlockSizeException {
            byte[] input = param.getBytes();
            byte[] cipherText = cipher.doFinal(input);
            byte[] encodedBytes = Base64.getEncoder().encode(cipherText);
            return new String(encodedBytes);

    static ParamEncryptor paramEncryptor;

    static {
        Security.addProvider(new BouncyCastleProvider());
        try {
            paramEncryptor = new ParamEncryptor();
        } catch (IOException | GeneralSecurityException e) {

    public static String encryptParam(String param) throws BadPaddingException, IllegalBlockSizeException {
        return paramEncryptor.encryptParam(param);

    public static void main(String[] args) throws Exception {
        String email = "";

Front-end Part

Please modify the front-end using this pseudo code example:

  _talkableq.push(['authenticate_customer', {
    email: '<%= to_json(TalkableEncryptionService.encrypt( %>',
    phone_number: '<%= to_json(TalkableEncryptionService.encrypt(current_user.phone_number)) %>',
    first_name: '<%= to_json(current_user.first_name) %>',
    last_name: '<%= to_json(current_user.last_name) %>',
    person_custom_properties: {
      secret: '<%= to_json(TalkableEncryptionService.encrypt(current_user.secret)) %>'