Method: Decrypt Data¶
Description¶
This endpoint decrypts the provided ciphertext using the named key in the specified vault.
Note
This endpoint requires at least Read permission in the affected vault.
URL Syntax¶
/api/{version}/transparent/:vaultid/decrypt/:name
HTTP Method¶
POST
Successful HTTP Response¶
200
Parameters¶
| Parameter name | Description | Parameter type | Type | Default | Mandatory | Comment |
|---|---|---|---|---|---|---|
| X-Http-Token | StoredSafe token | HTTP Header | String | 1) | Preferred method | |
| token | StoredSafe token | JSON-encoded | String | 1) | Legacy method | |
| vaultid | Vault-ID | URL-encoded | String | Yes | ||
| name | Key name | URL-encoded | String | Yes | ||
| ciphertext | Ciphertext | JSON-encoded | String | Yes | Base64 encoded |
Note
1) One of the methods is required.
Response Attributes¶
| Attribute | Description | Type |
|---|---|---|
| CALLINFO.errorcodes | Number of errors | Integer |
| CALLINFO.errors | Number of errors | Integer |
| CALLINFO.general | Information | Array |
| CALLINFO.handler | Handler used | String |
| CALLINFO.status | SUCCESS or FAIL | String |
| CALLINFO.token | Rotated StoredSafe token 1) | String |
| CALLINFO.key_version | Key version | String |
| CALLINFO.plaintext | Plaintext (Base64 encoded) | String |
| DATA | Supplied data in prior API-call | String |
| HEADERS.(headers) | HTTP Headers | String |
| PARAMS | Route parameters (empty) | Array |
| ERRORCODES | Error code and text 2) | Object |
| ERRORS | Error code and text 2) | Array |
Note
1) Token to be used in subsequent calls
2) Only present if errors
Examples¶
Decrypt the supplied ciphertext with the named decryption key in vault (vaultid) 179.
Request
POST /api/1.0/transparent/179/decrypt/my-new-key
x-http-token: your_storedsafe_token
{
"ciphertext": "storedsafe:v1:fCC+8a3plkkEaveSGaC23i9grdhAioNXgXtQW09Dkes=",
}
Response
HTTP/2 201
Content-type: application/json; charset=UTF-8
{
"CALLINFO": {
"errorcodes": 0,
"errors": 0,
"general": [],
"handler": "EncryptionHandler",
"status": "SUCCESS",
"token": "rotated_storedsafe_token",
"name": "my-new-key",
"objectid": "8743",
"plaintext": "c2Vuc2l0aXZlIGluZm9ybWF0aW9uCg==",
key_"version": "1"
},
"DATA": {
"name": "my-new-key",
"vaultid": "179",
"ciphertext": "storedsafe:v1:fCC+8a3plkkEaveSGaC23i9grdhAioNXgXtQW09Dkes=",
"token": "your_storedsafe_token"
},
"HEADERS": {
"Accept": "*/*",
"Content-Length": "169",
"Content-Type": "application/json",
"Host": "safe.domain.cc",
"User-Agent": "curl/7.64.1",
"X-Http-Token": "your_storedsafe_token"
},
"PARAMS": []
}
$ base64 -d <<< "c2Vuc2l0aXZlIGluZm9ybWF0aW9uCg=="
sensitive information