Skip to main content

Vault V2 Keys API Reference

Run In Postman
post/v2/key/generate
curl -sSLX POST 'https://vault.aws.us.pangea.cloud/v2/key/generate' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response


Generate key

POST
https://vault.aws.us.pangea.cloud/v2/key/generate

Generate a symmetric or asymmetric key.

required parameters

string

Purpose of the key:

  • signing - Asymmetric key used for creating and verifying cryptographic signatures
  • encryption - Asymmetric key used for encryption and decryption operations
  • jwt - Asymmetric key used for signing JSON Web Tokens (JWT), producing a verifiable JSON Web Signature (JWS)
  • pki - Asymmetric key used for Public Key Infrastructure (PKI) functions, such as certificate lifecycle management and identity verification
string

Name of the item

string

Folder where the item is stored

object

Metadata provided by the user

array<string>

List of user-defined tags

string (pangea-duration)

Time interval between item rotations, provided as a positive number followed by a time unit: secs, mins, hrs, days, weeks, months, or years. You can use abbreviations like 1d. Omit to inherit from the parent folder or default settings. Set to never to disable rotation.

string

Target state for the previous version after rotation. Set to inherited to inherit from the parent folder or default settings.

string (date-time)

Timestamp indicating when the item will be disabled

boolean
(default: false)

Allows the creation of an exportable key. Default is false.

object

Pangea standard response schema

string

ID of the key

string

Type of the Vault item

string

Algorithm of the key

string

Purpose of the key:

  • signing - Asymmetric key used for creating and verifying cryptographic signatures
  • encryption - Asymmetric key used for encryption and decryption operations
  • jwt - Asymmetric key used for signing JSON Web Tokens (JWT), producing a verifiable JSON Web Signature (JWS)
  • pki - Asymmetric key used for Public Key Infrastructure (PKI) functions, such as certificate lifecycle management and identity verification
boolean
(default: false)

true if the key is exportable

array<object>
integer

Item version

string (date-time)

Timestamp indicating when this version was created

string

State of the item version

string (date-time)

Timestamp indicating when this version will be destroyed

string (date-time)

Timestamp of the last rotation

string

Public key (in PEM format)

object

Metadata provided by the user

integer

Total number of versions of the item

boolean

true if the item is enabled

string

Name of the item

string

Folder where the item is stored

array<string>

List of user-defined tags

string (date-time)

Timestamp of the last rotation

string (date-time)

Timestamp of the next rotation if auto-rotation is enabled

string (date-time)

Timestamp indicating when the item will be disabled

string (date-time)

Timestamp indicating when the item was created

string

Time interval between item rotations

string

Target state for the previous version after rotation

object

Full paths of the parent folders from which settings inherit their values

string
string
string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"
string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"
string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"
string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"
string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v2/key/rotate
curl -sSLX POST 'https://vault.aws.us.pangea.cloud/v2/key/rotate' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response


Rotate key

POST
https://vault.aws.us.pangea.cloud/v2/key/rotate

Manually rotate a symmetric or asymmetric key. Optionally, provide new key value(s) created using the same algorithm as the original key.

required parameters

string

ID of the key

string

Target state for the previous version after rotation. Omit to apply the current rotation policy.

string (base64)

Key material (Base64-encoded)

object

Pangea standard response schema

string

ID of the key

string

Type of the Vault item

string

Algorithm of the key

string
(default: "encryption")

Purpose of the key:

  • encryption - Symmetric key used for encryption and decryption operations
  • jwt - Symmetric key used for signing JSON Web Tokens (JWT), producing a verifiable JSON Web Signature (JWS)
  • fpe - Symmetric key used for Format Preserving Encryption (FPE)
boolean
(default: false)

true if the key is exportable

array<object>
integer

Item version

string (date-time)

Timestamp indicating when this version was created

string

State of the item version

string (date-time)

Timestamp indicating when this version will be destroyed

string (date-time)

Timestamp of the last rotation

object

Metadata provided by the user

integer

Total number of versions of the item

boolean

true if the item is enabled

string

Name of the item

string

Folder where the item is stored

array<string>

List of user-defined tags

string (date-time)

Timestamp of the last rotation

string (date-time)

Timestamp of the next rotation if auto-rotation is enabled

string (date-time)

Timestamp indicating when the item will be disabled

string (date-time)

Timestamp indicating when the item was created

string

Time interval between item rotations

string

Target state for the previous version after rotation

object

Full paths of the parent folders from which settings inherit their values

string
string
string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"
string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"
string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"
string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"
string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v2/encrypt
curl -sSLX POST 'https://vault.aws.us.pangea.cloud/v2/encrypt' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response


Encrypt

POST
https://vault.aws.us.pangea.cloud/v2/encrypt

Encrypt a message using a key created for encryption purposes.

required parameters

string

ID of the key to use. It must be a symmetric_key or asymmetric_key created for encryption purposes.

string (base64)

Message to be encrypted (Base64-encoded)

integer

Version of the key. If not specified, the latest version is used by default.

  • minimum: 1
string

Extra data optionally accepted by some algorithms during encryption and required during decryption to ensure message integrity (Base64-encoded)

object

Pangea standard response schema

object
string

ID of the key

integer

Version of the key used for encryption

  • minimum: 1
string

Algorithm of the key used for encryption

string (base64)

Encrypted message (Base64-encoded)

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"
string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"
string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"
string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"
string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v2/decrypt
curl -sSLX POST 'https://vault.aws.us.pangea.cloud/v2/decrypt' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response


Decrypt

POST
https://vault.aws.us.pangea.cloud/v2/decrypt

Decrypt a message using the same key that was used for encryption.

required parameters

string

ID of the key used for encrypting cipher_text

string (base64)

Message encrypted by Vault (Base64-encoded)

integer

Version of the key. If not specified, the latest version is used by default.

  • minimum: 1
string

Extra data optionally accepted by some algorithms during encryption and required during decryption to ensure message integrity (Base64-encoded)

object

Pangea standard response schema

object
string

ID of the key

integer

Version of the key used for decryption

  • minimum: 1
string

Algorithm of the key used for decryption

string (base64)

Decrypted message (Base64-encoded)

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"
string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"
string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"
string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"
string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v2/encrypt_structured
curl -sSLX POST 'https://vault.aws.us.pangea.cloud/v2/encrypt_structured' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response


Encrypt structured data

POST
https://vault.aws.us.pangea.cloud/v2/encrypt_structured

Encrypt structured data by selecting and encrypting parts of a JSON object using a JSONPath expression.

For example, use a JSONPath like $.batch_input[*].ssn to select elements in the following JSON document:

{
    "batch_input": [
        {
            "ssn": "123-45-6789"
        },
        {
            "ssn": "987-65-4321"
        }
    ]
}

Using this filter for encryption will return a JSON document where 123-45-6789 and 987-65-4321 are replaced with their encrypted values.

Find additional details in the Structured Data Encryption and JSON Path documentation.

required parameters

string

ID of the key to use. It must be a symmetric_key or asymmetric_key created for encryption purposes.

object

JSON used to perform bulk encryption operations

string (jsonpath)

Filter expression that must target string elements in the structured_data field

integer

Version of the key. If not specified, the latest version is used by default.

  • minimum: 1
string

Extra data optionally accepted by some algorithms during encryption and required during decryption to ensure message integrity (Base64-encoded)

object

Pangea standard response schema

object
string

ID of the key

integer

Version of the key used for encryption

  • minimum: 1
string

Algorithm of the key used for encryption

object

Structured data with the filtered elements encrypted

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"
string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"
string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"
string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"
string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v2/decrypt_structured
curl -sSLX POST 'https://vault.aws.us.pangea.cloud/v2/decrypt_structured' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response


Decrypt structured

POST
https://vault.aws.us.pangea.cloud/v2/decrypt_structured

Decrypt structured data by selecting encrypted parts of a JSON object using a JSONPath expression.

For example, use a JSONPath like $.batch_input[*].ssn to select encrypted elements in the following JSON document:

{
    "batch_input": [
        {
            "ssn": "CwAAAIfgVg2uv98KIMhAS17DQfznWEA8yXTqLvZFaXDafQIu"
        },
        {
            "ssn": "CwAAADIqwKdF8LQc9SlAFvyf+G4wvsCgurmuVIWad9Ip5tl2"
        }
    ]
}

Using this filter for decryption will return a JSON document with the encrypted values replaced by their decrypted counterparts.

Find additional details in the Structured Data Encryption and JSON Path documentation.

required parameters

string

ID of the key used for encrypting structured_data

object

Structured data with the filtered elements encrypted

string (jsonpath)

Filter expression that must target string elements in the structured_data field

integer

Version of the key. If not specified, the latest version is used by default.

  • minimum: 1
string

Extra data optionally accepted by some algorithms during encryption and required during decryption to ensure message integrity (Base64-encoded)

object

Pangea standard response schema

object
string

ID of the item

integer

Version of the key used for decryption

  • minimum: 1
string

Algorithm of the key

object

JSON used to perform bulk encryption operations

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"
string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"
string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"
string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"
string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v2/encrypt_transform
curl -sSLX POST 'https://vault.aws.us.pangea.cloud/v2/encrypt_transform' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response


Encrypt using FPE

POST
https://vault.aws.us.pangea.cloud/v2/encrypt_transform

Encrypt using a Format Preserving Encryption (FPE) algorithm.

required parameters

string

ID of the key to use. It must be a symmetric_key created for Format Preserving Encryption.

string

Message to be encrypted

string

Character set to use for Format Preserving Encryption (FPE)

integer

Version of the key. If not specified, the latest version is used by default.

  • minimum: 1
string

User-provided tweak string. If omitted, a random string will be generated and returned during encryption. Securely store the tweak source, as it is required to decrypt the data.

object

Pangea standard response schema

object
string

ID of the key

integer

Version of the key used for encryption

  • minimum: 1
string

Algorithm of the key used for encryption

string

Message encrypted with FPE

string

User-provided tweak string. If omitted, a random string will be generated and returned during encryption. Securely store the tweak source, as it is required to decrypt the data.

string

Character set to use for Format Preserving Encryption (FPE)

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"
string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"
string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"
string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"
string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v2/decrypt_transform
curl -sSLX POST 'https://vault.aws.us.pangea.cloud/v2/decrypt_transform' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response


Decrypt using FPE

POST
https://vault.aws.us.pangea.cloud/v2/decrypt_transform

Decrypt using a Format Preserving Encryption (FPE) algorithm.

required parameters

string

ID of the key used for encrypting cipher_text

string

Message encrypted by Vault

string

User-provided tweak string. If omitted, a random string will be generated and returned during encryption. Securely store the tweak source, as it is required to decrypt the data.

string

Character set to use for Format Preserving Encryption (FPE)

integer

Version of the key. If not specified, the latest version is used by default.

  • minimum: 1
object

Pangea standard response schema

object
string

ID of the key

integer

Version of the key used for decryption

  • minimum: 1
string

Algorithm of the key used for encryption

string

Message to be encrypted

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"
string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"
string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"
string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"
string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v2/encrypt_transform_structured
curl -sSLX POST 'https://vault.aws.us.pangea.cloud/v2/encrypt_transform_structured' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response


Encrypt structured data using FPE

POST
https://vault.aws.us.pangea.cloud/v2/encrypt_transform_structured

Encrypt structured data using a Format Preserving Encryption (FPE) algorithm by selecting and encrypting parts of a JSON object with a JSONPath expression.

For example, use a JSONPath like $.batch_input[*].ssn to select elements in the following JSON document:

{
    "batch_input": [
        {
            "ssn": "123-45-6789"
        },
        {
            "ssn": "987-65-4321"
        }
    ]
}

Using this filter for encryption will return a JSON document where 123-45-6789 and 987-65-4321 are replaced with their FPE-encrypted values.

Find additional information in the Format Preserving Encryption (FPE), Structured Data Encryption, and JSON Path documentation.

required parameters

string

ID of the key to use. It must be a symmetric_key created for Format Preserving Encryption.

string

Character set to use for Format Preserving Encryption (FPE)

object

JSON used to perform bulk encryption operations

string (jsonpath)

Filter expression that must target string elements in the structured_data field

integer

Version of the key. If not specified, the latest version is used by default.

  • minimum: 1
string

Extra data optionally accepted by some algorithms during encryption and required during decryption to ensure message integrity (Base64-encoded)

string

User-provided tweak string. If omitted, a random string will be generated and returned during encryption. Securely store the tweak source, as it is required to decrypt the data.

object

Pangea standard response schema

object
string

ID of the key

integer

Version of the key used for encryption

  • minimum: 1
string

Algorithm of the key used for encryption

object

Structured data with the filtered elements encrypted using FPE

string

User-provided tweak string. If omitted, a random string will be generated and returned during encryption. Securely store the tweak source, as it is required to decrypt the data.

string

Character set to use for Format Preserving Encryption (FPE)

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"
string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"
string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"
string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"
string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v2/decrypt_transform_structured
curl -sSLX POST 'https://vault.aws.us.pangea.cloud/v2/decrypt_transform_structured' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response


Decrypt structured data using FPE

POST
https://vault.aws.us.pangea.cloud/v2/decrypt_transform_structured

Decrypt structured data by selecting FPE-encrypted parts of a JSON object using a JSONPath expression.

For example, use a JSONPath like $.batch_input[*].ssn to select FPE-encrypted elements in the following JSON document:

{
    "batch_input": [
        {
            "ssn": "987-65-4321"
        },
        {
            "ssn": "123-45-6789"
        }
    ]
}

Using this filter for decryption will return a JSON document with the FPE-encrypted values replaced by their decrypted counterparts.

Find additional information in the Format Preserving Encryption (FPE), Structured Data Encryption, and JSON Path documentation.

required parameters

string

ID of the key used for encrypting structured_data

object

Structured data with the filtered elements encrypted using FPE

string (jsonpath)

Filter expression that must target string elements in the structured_data field

string

Character set to use for Format Preserving Encryption (FPE)

integer

Version of the key. If not specified, the latest version is used by default.

  • minimum: 1
string

Extra data optionally accepted by some algorithms during encryption and required during decryption to ensure message integrity (Base64-encoded)

string

User-provided tweak string. If omitted, a random string will be generated and returned during encryption. Securely store the tweak source, as it is required to decrypt the data.

object

Pangea standard response schema

object
string

ID of the key

integer

Version of the key used for decryption

  • minimum: 1
string

Algorithm of the key used for encryption

object

JSON used to perform bulk encryption operations

string

User-provided tweak string. If omitted, a random string will be generated and returned during encryption. Securely store the tweak source, as it is required to decrypt the data.

string

Character set to use for Format Preserving Encryption (FPE)

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"
string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"
string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"
string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"
string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v2/sign
curl -sSLX POST 'https://vault.aws.us.pangea.cloud/v2/sign' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response


Sign

POST
https://vault.aws.us.pangea.cloud/v2/sign

Sign a message using a key for creating and verifying cryptographic signatures.

required parameters

string

ID of the key to use. It must be an asymmetric_key created for signing purposes.

string (base64)

Message to be signed (Base64-encoded)

integer

Version of the key. If not specified, the latest version is used by default.

  • minimum: 1
object

Pangea standard response schema

object
string

ID of the key used for signing

integer

Version of the key used for signing

  • minimum: 1
string

Algorithm of the key used for signing

string (base64)

Signature of the message (Base64-encoded)

string

Public key (in PEM format)

string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"
string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"
string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"
string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"
string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v2/verify
curl -sSLX POST 'https://vault.aws.us.pangea.cloud/v2/verify' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response


Verify signature

POST
https://vault.aws.us.pangea.cloud/v2/verify

Verify a signature using a key for creating and verifying cryptographic signatures.

required parameters

string

ID of the key used for signing message

string (base64)

Message used for generating signature (Base64-encoded)

string (base64)

Signature to be verified, generated for message (Base64-encoded)

integer

Version of the key. If not specified, the latest version is used by default.

  • minimum: 1
object

Pangea standard response schema

object
string

ID of the key used for signing

integer

Version of the key used for signing

  • minimum: 1
string

Algorithm of the key used for signing

boolean

Indicates whether the signature has been verified:

  • true - The signature is valid
  • false - The signature is not valid
string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"
string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"
string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"
string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"
string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

post/v2/key/store
curl -sSLX POST 'https://vault.aws.us.pangea.cloud/v2/key/store' \
-H 'Authorization: Bearer <your_token>' \
-H 'Content-Type: application/json' \
-d '{}'

Response


Store key

POST
https://vault.aws.us.pangea.cloud/v2/key/store

Import and store a symmetric or asymmetric key as a Vault item.

required parameters

string

Purpose of the key:

  • signing - Asymmetric key used for creating and verifying cryptographic signatures
  • encryption - Asymmetric key used for encryption and decryption operations
  • jwt - Asymmetric key used for signing JSON Web Tokens (JWT), producing a verifiable JSON Web Signature (JWS)
  • pki - Asymmetric key used for Public Key Infrastructure (PKI) functions, such as certificate lifecycle management and identity verification
string

Public key (in PEM format)

string

Private key (in PEM format)

string

Name to be assigned to the key

string

Folder where this key will be stored in Vault. By default, a folder is created or used based on the key’s purpose: /key/encryption, /key/signing, or /key/jwt.

object

Metadata provided by the user

array<string>

List of user-defined tags

string (pangea-duration)

Time interval between item rotations, provided as a positive number followed by a time unit: secs, mins, hrs, days, weeks, months, or years. You can use abbreviations like 1d. Omit to inherit from the parent folder or default settings. Set to never to disable rotation.

string

Target state for the previous version after rotation. Set to inherited to inherit from the parent folder or default settings.

string (date-time)

Timestamp indicating when the item will be disabled

boolean
(default: false)

Allows the creation of an exportable key. Default is false.

object

Pangea standard response schema

string

ID of the key

string

Type of the Vault item

string

Algorithm of the key

string

Purpose of the key:

  • signing - Asymmetric key used for creating and verifying cryptographic signatures
  • encryption - Asymmetric key used for encryption and decryption operations
  • jwt - Asymmetric key used for signing JSON Web Tokens (JWT), producing a verifiable JSON Web Signature (JWS)
  • pki - Asymmetric key used for Public Key Infrastructure (PKI) functions, such as certificate lifecycle management and identity verification
boolean
(default: false)

true if the key is exportable

array<object>
integer

Item version

string (date-time)

Timestamp indicating when this version was created

string

State of the item version

string (date-time)

Timestamp indicating when this version will be destroyed

string (date-time)

Timestamp of the last rotation

string

Public key (in PEM format)

object

Metadata provided by the user

integer

Total number of versions of the item

boolean

true if the item is enabled

string

Name of the item

string

Folder where the item is stored

array<string>

List of user-defined tags

string (date-time)

Timestamp of the last rotation

string (date-time)

Timestamp of the next rotation if auto-rotation is enabled

string (date-time)

Timestamp indicating when the item will be disabled

string (date-time)

Timestamp indicating when the item was created

string

Time interval between item rotations

string

Target state for the previous version after rotation

object

Full paths of the parent folders from which settings inherit their values

string
string
string

A unique identifier assigned to each request made to the API. It is used to track and identify a specific request and its associated data. The request_id can be helpful for troubleshooting, auditing, and tracing the flow of requests within the system. It allows users to reference and retrieve information related to a particular request, such as the response, parameters, and raw data associated with that specific request.

"request_id":"prq_x6fdiizbon6j3bsdvnpmwxsz2aan7fqd"
string

The timestamp indicates the exact moment when a request is made to the API. It represents the date and time at which the request was initiated by the client. The request_time is useful for tracking and analyzing the timing of requests, measuring response times, and monitoring performance metrics. It allows users to determine the duration between the request initiation and the corresponding response, aiding in the assessment of API performance and latency.

"request_time":"2022-09-21T17:24:33.105Z"
string

Duration it takes for the API to process a request and generate a response. It represents the elapsed time from when the request is received by the API to when the corresponding response is returned to the client.

"response_time":"2022-09-21T17:24:34.007Z"
string

It represents the status or outcome of the API request made for IP information. It indicates the current state or condition of the request and provides information on the success or failure of the request.

"status":"success"
string

Provides a concise and brief overview of the purpose or primary objective of the API endpoint. It serves as a high-level summary or description of the functionality or feature offered by the endpoint.

Was this article helpful?

Contact us