I don't think there is anything encrypted in these URLs. Those are just IDs for something or other, which probably are keys into a hash table on the server, where the actual information can be retrieved. The "MyToken" parameter looks like a session ID, which needs to be lengthy so that collisions are avoided and so that the user can't easily change a few characters and get another valid session ID. If you simply want to obscure what's going on in your URL, a rot-13 cipher would probably suffice.