Encrypt

Seal a payload into a portable envelope.

~ 1 min read

http

POST /v1/encrypt

Request

payload string body required

The data to encrypt. Up to 1 MB per call.

aad object body

Additional authenticated data — included in the integrity check, not encrypted.

envelope string

The opaque, base64-encoded ciphertext. Pass this back to /decrypt to recover the payload.

key_version string

The key version used. You don’t need to track this — /decrypt figures it out.

Request example

bash

curl https://api.example.com/v1/encrypt \
  -H "Authorization: Bearer $CIPHER_KEY" \
  -d '{"payload": "secret note"}'

Response example

json

{
  "envelope": "v2:Ks7...==",
  "key_version": "v2"
}

Last updated 4 d ago Edit this page