Decrypt API
https://managed.crittoraapis.com/v1/decrypt
This reference page documents the Managed API version of the decrypt operation. It accepts request-time credentials and decrypts data through Crittora on your behalf.
Purpose
Use this endpoint when you are on the Managed API integration path and want Crittora to perform the Cognito exchange for each request. Send your managed credentials in headers and the encrypted payload in the request body.
API Details
Managed API headers
| Header | Type | Description | Required |
|---|---|---|---|
| username | string | AWS Cognito username | Yes |
| password | string | AWS Cognito password | Yes |
| api_key | string | Crittora partner API key | Yes |
| access_key | string | Crittora partner access key | Yes |
| secret_key | string | Crittora partner secret key | Yes |
Request Body
{
"encrypted_data": "base64_encoded_ciphertext"
}| Field | Type | Description | Required |
|---|---|---|---|
| encrypted_data | string | Base64-encoded encrypted data to decrypt | Yes |
Response
Successful response (HTTP 200) returns the decrypted payload from Crittora in JSON format.
Example Response:
{
"statusCode": 200,
"body": {
"decrypted_data": "sensitive information to encrypt"
}
}Status Codes
HTTP status codes returned by the decrypt endpoint.
Success Codes
| Code | Name | Description | Usage | Example |
|---|---|---|---|---|
200 | OK | Successfully decrypted data | Request completed successfully | Decryption operation completed |
Error Codes
| Code | Name | Description | Usage | Example |
|---|---|---|---|---|
500 | Internal Server Error | Username and/or Password Incorrect | Authentication credentials are invalid | Invalid AWS Cognito username or password |
Code Examples
cURL Example:
curl -X POST https://managed.crittoraapis.com/v1/decrypt \
-H "Content-Type: application/json" \
-H "username: your_cognito_username" \
-H "password: your_cognito_password" \
-H "api_key: your_crittora_api_key" \
-H "access_key: your_crittora_access_key" \
-H "secret_key: your_crittora_secret_key" \
-d '{
"encrypted_data": "eyJkYXRhIjoiZW5jcnlwdGVkX2Jhc2U2NF9zdHJpbmciLCJhbGdvcml0aG0iOiJBQ0VTLTI1Ni1HQ00ifQ=="
}'JavaScript Example:
const decryptData = async (encryptedData) => {
const response = await fetch("https://managed.crittoraapis.com/v1/decrypt", {
method: "POST",
headers: {
"Content-Type": "application/json",
"username": "your_cognito_username",
"password": "your_cognito_password",
"api_key": "your_crittora_api_key",
"access_key": "your_crittora_access_key",
"secret_key": "your_crittora_secret_key"
},
body: JSON.stringify({ encrypted_data: encryptedData })
});
return await response.json();
};Python Example:
import requests
def decrypt_data(encrypted_data):
url = "https://managed.crittoraapis.com/v1/decrypt"
headers = {
"Content-Type": "application/json",
"username": "your_cognito_username",
"password": "your_cognito_password",
"api_key": "your_crittora_api_key",
"access_key": "your_crittora_access_key",
"secret_key": "your_crittora_secret_key"
}
payload = {"encrypted_data": encrypted_data}
response = requests.post(url, headers=headers, json=payload)
return response.json()Process Flow
- Client sends managed credentials and encrypted data in a POST request.
- The managed layer authenticates with Cognito on behalf of the caller.
- The managed layer constructs a request to Crittora's decrypt operation:
- Includes auth token and partner credentials
- Sends the encrypted data
- The decrypted payload is returned to the client.
Try it out: Use the interactive interface below to test the managed decrypt endpoint with your encrypted data.