Encrypt API

POST

https://managed.crittoraapis.com/v1/encrypt

This reference page documents the Managed API version of the encrypt operation. It accepts request-time credentials and encrypts data through Crittora on your behalf.

Using the Direct API instead?

These examples are for https://managed.crittoraapis.com. For the token-based direct API flow, start with the Direct API guide.

Purpose

Use this endpoint when you are on the Managed API integration path and need Crittora to handle the Cognito step per request. Send your managed credentials in headers and the plaintext in the request body.

API Details

Managed API headers

Header	Type	Description	Required
username	string	AWS Cognito username	Yes
password	string	AWS Cognito password	Yes
api_key	string	Crittora partner API key	Yes
access_key	string	Crittora partner access key	Yes
secret_key	string	Crittora partner secret key	Yes

Request Body

{
  "data": "string"
}

Field	Type	Description	Required
data	string	The plaintext data to encrypt	Yes

Response

Returns the encrypted payload from Crittora in JSON format.

Example Response:

{
  "statusCode": 200,
  "body": {
    "encrypted_data": "ugHTJ-ziCZ-QmWh8ruNJ0ojgwY8iA7OmPVGZDzVlGmImv4A4xWJ6HLchv_dRFZEdl7CB8i_F8KlEgTumCAY86B4n5jltbB8NnSiIvlyZT8WkyIDVCJX6F7VT6R_Wt99PjTg7Q"
  }
}

Status Codes

HTTP status codes returned by the encrypt endpoint.

Success Codes

Code	Name	Description	Usage	Example
200	OK	Successfully encrypted data	Request completed successfully	Encryption operation completed

Error Codes

Code	Name	Description	Usage	Example
500	Internal Server Error	Username and/or Password Incorrect	Authentication credentials are invalid	Invalid AWS Cognito username or password

Status Code Best Practices

Always check the status code before processing response data
Implement proper error handling for error status codes
Use appropriate HTTP methods and status codes for your use case

Code Examples

cURL Example:

curl -X POST https://managed.crittoraapis.com/v1/encrypt \
  -H "Content-Type: application/json" \
  -H "username: your_cognito_username" \
  -H "password: your_cognito_password" \
  -H "api_key: your_crittora_api_key" \
  -H "access_key: your_crittora_access_key" \
  -H "secret_key: your_crittora_secret_key" \
  -d '{
    "data": "sensitive information to encrypt"
  }'

JavaScript Example:

const encryptData = async (data) => {
  const response = await fetch("https://managed.crittoraapis.com/v1/encrypt", {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      "username": "your_cognito_username",
      "password": "your_cognito_password",
      "api_key": "your_crittora_api_key",
      "access_key": "your_crittora_access_key",
      "secret_key": "your_crittora_secret_key"
    },
    body: JSON.stringify({ data })
  });

  return await response.json();
};

Python Example:

import requests

def encrypt_data(data):
    url = "https://managed.crittoraapis.com/v1/encrypt"
    headers = {
        "Content-Type": "application/json",
        "username": "your_cognito_username",
        "password": "your_cognito_password",
        "api_key": "your_crittora_api_key",
        "access_key": "your_crittora_access_key",
        "secret_key": "your_crittora_secret_key"
    }

    payload = {"data": data}
    response = requests.post(url, headers=headers, json=payload)
    return response.json()

Flow Summary

API caller sends managed credentials in headers and plaintext data in the JSON body.
The managed layer authenticates with Cognito on behalf of the caller.
The managed layer calls Crittora's encrypt operation with:
- Authorization bearer token
- Crittora partner API credentials
- Requested action: ["e"] for encryption
The encrypted payload is returned to the caller.

Security Notes

Sensitive credentials (passwords, API keys) must not be logged or exposed.
Use HTTPS and secure client storage for all keys.
Rotate Cognito and Crittora keys periodically.

Try it out: Use the interactive interface below to test the managed encrypt endpoint with your own data.