Encryption in Production

In the production environment, all API calls and responses are encrypted using AES 256-bit encryption. This ensures that your data is transmitted securely and is protected from unauthorized access.

What is AES 256-bit Encryption?

AES (Advanced Encryption Standard) 256-bit is a symmetric encryption algorithm that encrypts and decrypts data using a 256-bit key. It is one of the most secure encryption standards available and is widely used in industries requiring high levels of data security.

AES 256-bit encryption is approved by the National Security Agency (NSA) for protecting classified information, which underscores its reliability and strength.

How to Implement AES 256-bit Encryption

To secure your API calls with AES 256-bit encryption in the production environment, follow these steps:

  1. Generate the Encryption Key: Your API’s secret key will serve as the encryption key for AES 256-bit encryption. This key should be kept secure and not shared publicly.

  2. Encrypt the Data:

    • Use a standard AES 256-bit encryption library in your preferred programming language.
    • Encrypt the payload of your API request using your secret key.
    • Ensure that both the client and server are configured to use the same encryption key.

  3. Add Encryption Information to the Request Header: After encrypting the data, include an additional header in your API request to indicate that the payload is encrypted:

    Headers: {
  "Host": "api.withedge.co",
  "Content-Type": "application/json",
  "Authorization": "Bearer {Base64 encoded client+secret}",
  "X-Encryption-Type": "AES256"
}
    • X-Encryption-Type: This header indicates that the payload is encrypted using AES 256-bit. The server will then decrypt the payload using the corresponding secret key.

  4. Send the Encrypted Request:

    • Once the payload is encrypted and the header is added, send your API request as usual. The Edge API will decrypt the data on the server side before processing it.

Example Request with Encryption

Here’s how a sample request might look when using AES 256-bit encryption:

POST /users HTTP/1.1
Host: api.withedge.co
Content-Type: application/json
Authorization: Bearer {Base64 encoded client+secret}
X-Encryption-Type: AES256

{
  "encryptedData": "U2FsdGVkX19+zuiLHS4Pj6RQgHVK6YVXeQm9X9gX3M="
}

No Encryption in Sandbox

In the sandbox environment, data encryption is not enforced. This environment is designed for testing and development purposes, where you can send and receive data in plain text.

Why No Encryption in Sandbox?

  • Simplified Testing: The lack of encryption in the sandbox environment allows developers to easily debug and monitor API requests and responses without the complexity of encryption and decryption.
  • No Sensitive Data: Since the sandbox environment is intended for testing, it’s important to use only mock or non-sensitive data.

Avoid transmitting real or sensitive data in the sandbox environment, as it is not encrypted. Always use the production environment for live data that needs to be securely handled.

Best Practices for Encryption

When moving your application from sandbox to production, ensure that your API requests are properly encrypted using AES 256-bit encryption. Failure to do so could expose sensitive data to unauthorized access.

  1. Key Management:

    • Keep your encryption keys secure. Rotate keys periodically and ensure they are never hard-coded in your application.

  2. Use Strong Encryption Algorithms:

    • Always use industry-standard encryption algorithms like AES 256-bit, and avoid custom or weak encryption methods.

  3. Regular Security Audits:

    • Perform regular security audits to ensure your encryption implementation is robust and that your API communications remain secure.

For additional security, combine encryption with other security measures such as HTTPS, OAuth tokens, and regular monitoring of API activity.

Was this page helpful?

AuthenticationEnvironment