Method: Decrypt Data

Description

This endpoint decrypts the provided ciphertext using the named key in the specified vault.

Note

This endpoint requires at least Read permission in the affected vault.

URL Syntax

/api/{version}/transparent/:vaultid/decrypt/:name

HTTP Method

POST

Successful HTTP Response

200

Parameters

Parameter name Description Parameter type Type Default Mandatory Comment
X-Http-Token StoredSafe token HTTP Header String   1) Preferred method
token StoredSafe token JSON-encoded String   1) Legacy method
vaultid Vault-ID URL-encoded String   Yes  
name Key name URL-encoded String   Yes  
ciphertext Ciphertext JSON-encoded String   Yes Base64 encoded

Note

1) One of the methods is required.

Response Attributes

Attribute Description Type
CALLINFO.errorcodes Number of errors Integer
CALLINFO.errors Number of errors Integer
CALLINFO.general Information Array
CALLINFO.handler Handler used String
CALLINFO.status SUCCESS or FAIL String
CALLINFO.token Rotated StoredSafe token 1) String
CALLINFO.key_version Key version String
CALLINFO.plaintext Plaintext (Base64 encoded) String
DATA Supplied data in prior API-call String
HEADERS.(headers) HTTP Headers String
PARAMS Route parameters (empty) Array
ERRORCODES Error code and text 2) Object
ERRORS Error code and text 2) Array

Note

1) Token to be used in subsequent calls
2) Only present if errors

Examples

Decrypt the supplied ciphertext with the named decryption key in vault (vaultid) 179.

Request

POST /api/1.0/transparent/179/decrypt/my-new-key
x-http-token: your_storedsafe_token
{
     "ciphertext": "storedsafe:v1:fCC+8a3plkkEaveSGaC23i9grdhAioNXgXtQW09Dkes=",
}

Response

HTTP/2 201
Content-type: application/json; charset=UTF-8
{
    "CALLINFO": {
        "errorcodes": 0,
        "errors": 0,
        "general": [],
        "handler": "EncryptionHandler",
        "status": "SUCCESS",
        "token": "rotated_storedsafe_token",
        "name": "my-new-key",
        "objectid": "8743",
        "plaintext": "c2Vuc2l0aXZlIGluZm9ybWF0aW9uCg==",
        key_"version": "1"
    },
    "DATA": {
        "name": "my-new-key",
        "vaultid": "179",
        "ciphertext": "storedsafe:v1:fCC+8a3plkkEaveSGaC23i9grdhAioNXgXtQW09Dkes=",
        "token": "your_storedsafe_token"
    },
    "HEADERS": {
        "Accept": "*/*",
        "Content-Length": "169",
        "Content-Type": "application/json",
        "Host": "safe.domain.cc",
        "User-Agent": "curl/7.64.1",
        "X-Http-Token": "your_storedsafe_token"
    },
    "PARAMS": []
}

$ base64 -d <<< "c2Vuc2l0aXZlIGluZm9ybWF0aW9uCg=="
sensitive information