To secure data in both requests and responses (including webhooks), you can enable encryption based on your team’s configuration. We use AES-256-GCM - a symmetric encryption algorithm combining Advanced Encryption Standard with a 256-bit key length and Galois/Counter Mode (GCM). Encryption can be enabled for your team via the Dashboard or by contacting us.
When encryption is enabled, always set the Content-Type header to application/json+encrypted.

Encryption modes

You can choose between two encryption formats for sending your API requests:

1. Full Payload Encryption

Encrypt the entire request payload:
{
    "encrypted_payload": "base64_encoded_encrypted_data", 
    "encryption_version": "1.0"
}
  • encrypted_payload: The encrypted, Base64-encoded payload (when decrypted, it matches the structure of an unencrypted request).
  • encryption_version: Reserved for future cryptographic upgrades.

2. Input field encryption

When calling /jobs/submit, encrypt only the input field:
{
    "job_code": "EnsureConnection/etc.", 
    "input": "base64_encoded_encrypted_data"
}
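
The two request formats above, plus decryption of an encrypted response or webhook, as an added Node.js example (not code from this API's documentation or SDK). Assumptions: the Base64 blob is laid out as nonce (12 bytes) || ciphertext || GCM tag (16 bytes), the key is a 32-byte shared secret, and the function names are hypothetical; the page does not specify the blob layout, so confirm it before relying on this.

```javascript
// Added example. ASSUMED wire layout (not stated on the page):
//   base64( nonce[12] || ciphertext || tag[16] )
const nodeCrypto = require("node:crypto");

const NONCE_LEN = 12; // 96-bit nonce, the standard size for GCM
const TAG_LEN = 16;   // 128-bit authentication tag

// Full Payload Encryption: wrap the whole request body in the envelope.
function encryptPayload(key, body) {
  if (key.length !== 32) throw new Error("AES-256 needs a 32-byte key");
  // A fresh random nonce per message; reusing one with the same key breaks GCM.
  const nonce = nodeCrypto.randomBytes(NONCE_LEN);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, nonce);
  const ct = Buffer.concat([cipher.update(JSON.stringify(body), "utf8"), cipher.final()]);
  const blob = Buffer.concat([nonce, ct, cipher.getAuthTag()]);
  return { encrypted_payload: blob.toString("base64"), encryption_version: "1.0" };
}

// Input field encryption for /jobs/submit: only `input` is encrypted.
function encryptInputField(key, jobCode, input) {
  return { job_code: jobCode, input: encryptPayload(key, input).encrypted_payload };
}

// Decrypt an encrypted response or webhook body.
// Throws if the envelope is malformed or the GCM tag does not verify.
function decryptPayload(key, envelope) {
  if (envelope.encryption_version !== "1.0") throw new Error("unsupported encryption_version");
  const blob = Buffer.from(envelope.encrypted_payload, "base64");
  if (blob.length < NONCE_LEN + TAG_LEN) throw new Error("payload too short");
  const nonce = blob.subarray(0, NONCE_LEN);
  const ct = blob.subarray(NONCE_LEN, blob.length - TAG_LEN);
  const tag = blob.subarray(blob.length - TAG_LEN);
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, nonce, { authTagLength: TAG_LEN });
  decipher.setAuthTag(tag);
  // final() throws when the ciphertext or tag was modified in transit.
  const pt = Buffer.concat([decipher.update(ct), decipher.final()]);
  return JSON.parse(pt.toString("utf8"));
}
```

Treat any exception from decryptPayload as a rejected message and do not process the body.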

Request and Response encryption

Request Encryption

When sending a request, you can choose from:
  • Unencrypted - No encryption applied
  • Full Payload Encrypted - The entire request body is encrypted
  • Input Field Encrypted - Only the input field is encrypted when calling /jobs/submit

Response Encryption

When receiving API responses or webhooks, you can choose from:
  • Unencrypted - No encryption applied
  • Full Payload Encrypted - The entire response body is encrypted

Configuration Flexibility

All combinations are supported. For example, you may:
  • Send unencrypted requests and receive unencrypted responses
  • Encrypt only the input field in requests while receiving unencrypted response payloads
  • Encrypt full request payloads and receive fully encrypted response payloads
Mix and match based on your needs.

Default

By default, both requests and responses are unencrypted for simplicity.
The options were implemented for flexibility and you can change them at any time.

Costs

Encryption is free; everyone should have the ability to encrypt their data regardless of their business plan.

Are there cases where I should turn the encryption off?

Although it is recommended to leave the encryption on, there are a few cases where turning it off can help, namely:
  • Non-sensitive, public data: The data is already public, there’s nothing to hide. Leaving the encryption on will simply add a computational layer without improving security.
  • Performance-critical, non-sensitive systems: If you’re dealing with non-sensitive data and you’re looking for speed, turning off encryption will help.
  • Older systems with limited resources: Encrypting requires processing power that some legacy systems do not have. It might be a sign that it is time to upgrade.