Encryption
This guide provides detailed instructions on how to send and receive data securely using encryption keys.
Last updated
This guide provides detailed instructions on how to send and receive data securely using encryption keys.
Last updated
Encryption Overview
We prioritize the security of your data. To ensure this, we employ encryption for the data transmitted through our Public API and Webhooks.
Available Encryption Methods
An encryption method and keys are provided on the page of your account. These method and keys are essential for encrypting and decrypting data exchanged between your application and our services.
aes-256-cbc
Keys Required:
Secret Key: Used for encrypting and decrypting your JSON payload.
HMAC Key: Used to generate a signature that verifies the integrity and authenticity of your data
Header Requirement:
The HMAC signature must be included in the request headers x-allpass-signature
aes-256-gcm
Keys Required:
Secret Key: Used for encrypting and decrypting your JSON payload.
Header Requirement:
Although this method doesn’t require an additional HMAC key, the authentication tag (auth tag) generated during encryption must be provided in the headers x-allpass-signature
Sending Data to Our Public API
You have the option to send data to our Public API either encrypted or unencrypted, depending on your preference and security requirements.
Unencrypted Data: If you prefer, you can also send data without encryption. This option is available for clients who may not require the added security layer.
Receiving Data from Public API and Webhooks
Steps for Integration
Retrieve Your Keys:
For aes-256-cbc, retrieve both your Secret Key and your HMAC Key.
For aes-256-gcm, retrieve your Secret Key.
Encrypt Your Data:
For aes-256-cbc:
Encrypt your JSON payload using the Secret Key.
Generate an HMAC signature using your HMAC Key.
For aes-256-gcm:
Encrypt your JSON payload using the Secret Key.
Extract the authentication tag (auth tag) during encryption.
Send Data to Public API:
Payload Format:
Encrypted: Send your encrypted data to our Public API endpoint.
Headers:
For aes-256-cbc:
Attach the HMAC signature, e.g., x-allpass-signature: yourHMACvalue.
For aes-256-gcm:
Attach the authentication tag, e.g., x-allpass-signature: yourAuthTagValue .
Receive and Decrypt Data:
Use your Secret Key to decrypt the incoming payload.
For aes-256-cbc: Validate the HMAC signature from the headers using your HMAC Key.
For aes-256-gcm: Use the auth tag provided in the headers to ensure correct decryption and data integrity.
Example Code Snippets
Here are some example code snippets to help you get started with encryption and decryption using your key:
Encrypting Data:
aes-256-cbc :
aes-256-gcm
Decrypting Data:
aes-256-cbc:
aes-256-gcm:
In addition to handling encrypted data through our Public API and Webhooks, you may also need to decrypt stream files received from our services. Below are the steps and code snippets to help you decrypt these stream files effectively.
Encryption Method: For stream file operations, our system exclusively uses aes-256-cbc encryption. Regardless of any other encryption method used elsewhere in your integration, stream files must be processed using aes-256-cbc.
Key Requirement: Only the secret key is required to decrypt stream file data. No HMAC signature is needed or verified for stream files.
Implication for Alternate Methods: If you opt to use another encryption method (for example, aes-256-gcm) when handling other data, please note that stream file data will still be decrypted using aes-256-cbc with only the secret key. Any HMAC signature provided with other data is ignored for stream files.
Steps for Decrypting Stream Files
Retrieve Initialization Vector (IV): The IV for the decryption process is provided in the response headers of the stream file. You can retrieve it using the following code:
Decrypt Stream Data:
Use the IV and the encryption key to decrypt the incoming stream file data.
The length of the IV is 16 bytes.
Example Code Snippet
Here's an example of how to decrypt a stream file:
Encrypted Data: To send encrypted data, use the encryption keys provided on the page. Encrypt your data before sending it to our API.The encrypted data should be included in the payload as follows:
All data sent to you via our Public API or Webhooks is encrypted using the same encryption keys found on the page. Ensure you decrypt the incoming data using this key to access the information.
Log in to your account and navigate to the page.