Running Cages

How to run your deployed Cages.


Automatically run your Cage code by passing the Cage name and the payload into the run function of your Evervault SDK. Or, send an HTTPS POST request with a JSON payload and API-Key header to

Node.js (Python and Ruby SDKs are also available):

// `encryptedData` must be an Object
const result = await evervault.run('YOUR-CAGE-NAME', encryptedData);

Run your application to see the result. Return the result to the client, or forward it to a third-party API via an HTTP request. All outbound HTTP requests are logged and shown in your team's Dashboard.

The Node.js SDK is pre-initialized in all Cages as the globally-scoped evervault object. This allows you to encrypt the result, and store it in your database.


Run your Cage client-side by creating a run token using one of our server-side SDKs and then sending an HTTPS POST request from your client. For security, run tokens are single-use, have a five-minute time to live, and are only valid when the same payload is included both at token creation and when running the Cage.

Node.js (Python and Ruby SDKs are also available):

// `payloadForCage` must be an Object
const token = await evervault.createRunToken('YOUR-CAGE-NAME', payloadForCage);

Send an HTTPS POST request to with the JSON payload and the run token included in the authorization header.

curl --request POST \
--url<CAGE-NAME> \
--header 'Authorization: Bearer <RUN-TOKEN>' \
--header 'Content-Type: application/json' \
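
A minimal model of the three run-token properties described above (single use, five-minute time to live, payload binding), as an added example. It is not Evervault's implementation: `issueToken`, `redeemToken`, the HMAC construction, the in-memory store and the key-sorted payload comparison are all assumptions made for illustration.

```javascript
const crypto = require('crypto');

const TTL_MS = 5 * 60 * 1000;          // five-minute time to live
const SECRET = crypto.randomBytes(32); // hypothetical server-side signing key
const issued = new Map();              // token id -> expiry, deleted on first use

// Stable serialization so key order does not change the payload digest (assumption).
function canonical(value) {
  if (Array.isArray(value)) return `[${value.map(canonical).join(',')}]`;
  if (value && typeof value === 'object') {
    const fields = Object.keys(value).sort()
      .map((k) => `${JSON.stringify(k)}:${canonical(value[k])}`);
    return `{${fields.join(',')}}`;
  }
  return JSON.stringify(value);
}

// MAC over token id, Cage name, expiry and a digest of the payload.
function mac(id, cageName, expires, payload) {
  const digest = crypto.createHash('sha256').update(canonical(payload)).digest('hex');
  return crypto.createHmac('sha256', SECRET)
    .update(JSON.stringify([id, cageName, expires, digest])).digest('hex');
}

// Server side (hypothetical): bind the token to one Cage name and one payload.
function issueToken(cageName, payload, now = Date.now()) {
  const id = crypto.randomBytes(16).toString('hex');
  const expires = now + TTL_MS;
  issued.set(id, expires);
  return `${id}.${expires}.${mac(id, cageName, expires, payload)}`;
}

// Run endpoint (hypothetical): returns 'ok' or the reason for rejection.
function redeemToken(token, cageName, payload, now = Date.now()) {
  const [id, expiresStr, tag] = String(token).split('.');
  if (!issued.has(id)) return 'unknown-or-used';
  const expected = Buffer.from(mac(id, cageName, Number(expiresStr), payload), 'hex');
  const given = Buffer.from(tag || '', 'hex');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return 'payload-or-cage-mismatch';
  }
  issued.delete(id); // consumed here, so a replay finds no entry
  return now > Number(expiresStr) ? 'expired' : 'ok';
}
```

In this model a token leaked from the client cannot be reused with a different payload, replayed after a successful run, or used after five minutes.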

Cage IP Whitelist

You can restrict your Cage to only run when invoked from specified IP addresses or CIDR blocks.

If your Cage is invoked from an IP which isn’t included in your whitelist, you will receive a 403 HTTP status code with the Evervault error header: x-evervault-error-code: forbidden-ip-error.

You can configure the IP Whitelist from the Evervault dashboard by going to Dashboard -> Cage -> IP Whitelist.
