> ## Documentation Index
> Fetch the complete documentation index at: https://doc.withedge.co/llms.txt
> Use this file to discover all available pages before exploring further.

# Data Encryption

> When interacting with the Edge API, understanding how data is secured is crucial. Depending on the environment—production or sandbox—the encryption protocols differ, affecting how you handle API requests and responses.

## Encryption in Production

In the **production environment**, all API calls and responses are encrypted using AES 256-bit encryption. This ensures that your data is transmitted securely and is protected from unauthorized access.

### What is AES 256-bit Encryption?

AES (Advanced Encryption Standard) 256-bit is a symmetric encryption algorithm that encrypts and decrypts data using a 256-bit key. It is one of the most secure encryption standards available and is widely used in industries requiring high levels of data security.

<Info>
  AES 256-bit encryption is approved by the National Security Agency (NSA) for protecting classified information, which underscores its reliability and strength.
</Info>

### How to Implement AES 256-bit Encryption

To secure your API calls with AES 256-bit encryption in the production environment, follow these steps:

1. **Generate the Encryption Key:**
   Your API's **secret key** will serve as the encryption key for AES 256-bit encryption. This key should be kept secure and not shared publicly.

2. **Encrypt the Data:**
   * Use a standard AES 256-bit encryption library in your preferred programming language.
   * Encrypt the payload of your API request using your secret key.
   * Ensure that both the client and server are configured to use the same encryption key.

3. **Add Encryption Information to the Request Header:**
   After encrypting the data, include an additional header in your API request to indicate that the payload is encrypted:

   ```http
   Headers: {
     "Host": "api.withedge.co",
     "Content-Type": "application/json",
     "Authorization": "Bearer {Base64 encoded client+secret}",
     "X-Encryption-Type": "AES256"
   }
   ```

   * **X-Encryption-Type**: This header indicates that the payload is encrypted using AES 256-bit. The server will then decrypt the payload using the corresponding secret key.

4. **Send the Encrypted Request:**
   * Once the payload is encrypted and the header is added, send your API request as usual. The Edge API will decrypt the data on the server side before processing it.

### Example Request with Encryption

Here’s how a sample request might look when using AES 256-bit encryption:

```http
POST /users HTTP/1.1
Host: api.withedge.co
Content-Type: application/json
Authorization: Bearer {Base64 encoded client+secret}
X-Encryption-Type: AES256

{
  "encryptedData": "U2FsdGVkX19+zuiLHS4Pj6RQgHVK6YVXeQm9X9gX3M="
}
```

***

## No Encryption in Sandbox

In the **sandbox environment**, data encryption is not enforced. This environment is designed for testing and development purposes, where you can send and receive data in plain text.

### Why No Encryption in Sandbox?

* **Simplified Testing:** The lack of encryption in the sandbox environment allows developers to easily debug and monitor API requests and responses without the complexity of encryption and decryption.
* **No Sensitive Data:** Since the sandbox environment is intended for testing, it’s important to use only mock or non-sensitive data.

<Warning>
  Avoid transmitting real or sensitive data in the sandbox environment, as it is not encrypted. Always use the production environment for live data that needs to be securely handled.
</Warning>

***

## Best Practices for Encryption

<Info>
  When moving your application from sandbox to production, ensure that your API requests are properly encrypted using AES 256-bit encryption. Failure to do so could expose sensitive data to unauthorized access.
</Info>

1. **Key Management:**
   * Keep your encryption keys secure. Rotate keys periodically and ensure they are never hard-coded in your application.

2. **Use Strong Encryption Algorithms:**
   * Always use industry-standard encryption algorithms like AES 256-bit, and avoid custom or weak encryption methods.

3. **Regular Security Audits:**
   * Perform regular security audits to ensure your encryption implementation is robust and that your API communications remain secure.

***

<Info>
  For additional security, combine encryption with other security measures such as HTTPS, OAuth tokens, and regular monitoring of API activity.
</Info>
