Decryption of URL variables without view source revealing decryption code

From my PHP code, I’m passing two variables on the URL as show below:

the problem is if I encrypt the values that I’m passing, how am I going to decrypt them without revealing (from the browser’s view source option) how the encryption is performed and making the encryption effort moot?

The variables in this case are deviceID and Access_Token. Two keys to your photon/electron’s kingdom you’d rather not have out there for anyone to see.

Any help will be greatly appreciated.