Guides
REST API
Authentication
Our REST API is authenticated using HTTP Basic authorization, the header that is used is:
The credentials are created by taking your Evervault App ID and a scoped API key and combining them with a colon and finally base64 encoding them together.
For example, if your App ID is app_1234
, and your scoped API key is ev:key:1:abcdefd
, then combined they'd be app_1234:ev:key:1:abcdefd
and finally base64("app_1234:ev:key:1:abcdefd") = YXBwXzEyMzQ6ZXY6a2V5OjE6YWJjZGVmZA==
.
So the final header would be:
If you're using curl
you can set the authorization header using the -u
param. Curl will handle the base64 encoding.
Encrypt
The encrypt endpoint can be used to encrypt the values of a JSON object, or files. When encrypting the values of a JSON object the Content-Type
header should be set to application/json
, when encrypting files it should be set to application/octet-stream
. The body of the request should the item being encrypted.
Sample Request:
Decrypt
The decrypt endpoint can be used to decrypt the values of a JSON object, or files. When decrypting the values of a JSON object the Content-Type
header should be set to application/json
, when decrypting files it should be set to application/octet-stream
. The body of the request should the item being decrypted.
This endpoint must be called using an API key with the Decrypt
grant. API key permissions can be managed in the App Settings section of the Evervault dashboard. Learn more
Sample Request:
Client Side Tokens
Client Side Tokens are versatile and short-lived tokens that frontend applications can utilize to perform various actions, like running Functions or decrypting data. Client Side Tokens are restricted to specific payloads.
By default, a Client Side Token will live for 5 minutes into the future. The maximum time to live of the token is 10 minutes into the future. When using the REST API, the expiry field must be in epoch milliseconds.
Creating a Client Side Token that can decrypt data:
Using the token: