curl --request POST \
--url https://api.customer.com/sarvam/byok/v1/decrypt-key \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--header 'x-request-id: <x-request-id>' \
--header 'x-request-timestamp: <x-request-timestamp>' \
--data '
{
"data": {
"key_alias": "samvaad-prod-master-key-01",
"encrypted_key": "byok:v1:CiBQ EXEMPLARY/ENCRYPTED+DATA+STRING"
}
}
'import requests
url = "https://api.customer.com/sarvam/byok/v1/decrypt-key"
payload = { "data": {
"key_alias": "samvaad-prod-master-key-01",
"encrypted_key": "byok:v1:CiBQ EXEMPLARY/ENCRYPTED+DATA+STRING"
} }
headers = {
"x-request-id": "<x-request-id>",
"x-request-timestamp": "<x-request-timestamp>",
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {
'x-request-id': '<x-request-id>',
'x-request-timestamp': '<x-request-timestamp>',
Authorization: 'Bearer <token>',
'Content-Type': 'application/json'
},
body: JSON.stringify({
data: {
key_alias: 'samvaad-prod-master-key-01',
encrypted_key: 'byok:v1:CiBQ EXEMPLARY/ENCRYPTED+DATA+STRING'
}
})
};
fetch('https://api.customer.com/sarvam/byok/v1/decrypt-key', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.customer.com/sarvam/byok/v1/decrypt-key",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'data' => [
'key_alias' => 'samvaad-prod-master-key-01',
'encrypted_key' => 'byok:v1:CiBQ EXEMPLARY/ENCRYPTED+DATA+STRING'
]
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json",
"x-request-id: <x-request-id>",
"x-request-timestamp: <x-request-timestamp>"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://api.customer.com/sarvam/byok/v1/decrypt-key"
payload := strings.NewReader("{\n \"data\": {\n \"key_alias\": \"samvaad-prod-master-key-01\",\n \"encrypted_key\": \"byok:v1:CiBQ EXEMPLARY/ENCRYPTED+DATA+STRING\"\n }\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("x-request-id", "<x-request-id>")
req.Header.Add("x-request-timestamp", "<x-request-timestamp>")
req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://api.customer.com/sarvam/byok/v1/decrypt-key")
.header("x-request-id", "<x-request-id>")
.header("x-request-timestamp", "<x-request-timestamp>")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"data\": {\n \"key_alias\": \"samvaad-prod-master-key-01\",\n \"encrypted_key\": \"byok:v1:CiBQ EXEMPLARY/ENCRYPTED+DATA+STRING\"\n }\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.customer.com/sarvam/byok/v1/decrypt-key")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["x-request-id"] = '<x-request-id>'
request["x-request-timestamp"] = '<x-request-timestamp>'
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"data\": {\n \"key_alias\": \"samvaad-prod-master-key-01\",\n \"encrypted_key\": \"byok:v1:CiBQ EXEMPLARY/ENCRYPTED+DATA+STRING\"\n }\n}"
response = http.request(request)
puts response.read_body{
"data": {
"plaintext_key": "VGhpcyBJcyBBIERlY3J5cHRlZCBLZXkgRm9yIFRlc3Rpbmc="
}
}{
"error": {
"code": "SERVICE_UNAVAILABLE",
"message": "Service is currently unavailable."
}
}{
"error": {
"code": "SERVICE_UNAVAILABLE",
"message": "Service is currently unavailable."
}
}{
"error": {
"code": "SERVICE_UNAVAILABLE",
"message": "Service is currently unavailable."
}
}{
"error": {
"code": "SERVICE_UNAVAILABLE",
"message": "Service is currently unavailable."
}
}{
"error": {
"code": "SERVICE_UNAVAILABLE",
"message": "Service is currently unavailable."
}
}Decrypt Key
Samvaad calls this endpoint to decrypt an Encrypted Data Encryption Key (EDEK) using the corresponding master key in your Key Management System (KMS) or HSM.
The plaintext key is then cached securely in memory by Samvaad for a short, configurable duration to perform data encryption and decryption operations. The key_alias is used to identify which master key should be used for decryption.
curl --request POST \
--url https://api.customer.com/sarvam/byok/v1/decrypt-key \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--header 'x-request-id: <x-request-id>' \
--header 'x-request-timestamp: <x-request-timestamp>' \
--data '
{
"data": {
"key_alias": "samvaad-prod-master-key-01",
"encrypted_key": "byok:v1:CiBQ EXEMPLARY/ENCRYPTED+DATA+STRING"
}
}
'import requests
url = "https://api.customer.com/sarvam/byok/v1/decrypt-key"
payload = { "data": {
"key_alias": "samvaad-prod-master-key-01",
"encrypted_key": "byok:v1:CiBQ EXEMPLARY/ENCRYPTED+DATA+STRING"
} }
headers = {
"x-request-id": "<x-request-id>",
"x-request-timestamp": "<x-request-timestamp>",
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {
'x-request-id': '<x-request-id>',
'x-request-timestamp': '<x-request-timestamp>',
Authorization: 'Bearer <token>',
'Content-Type': 'application/json'
},
body: JSON.stringify({
data: {
key_alias: 'samvaad-prod-master-key-01',
encrypted_key: 'byok:v1:CiBQ EXEMPLARY/ENCRYPTED+DATA+STRING'
}
})
};
fetch('https://api.customer.com/sarvam/byok/v1/decrypt-key', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.customer.com/sarvam/byok/v1/decrypt-key",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'data' => [
'key_alias' => 'samvaad-prod-master-key-01',
'encrypted_key' => 'byok:v1:CiBQ EXEMPLARY/ENCRYPTED+DATA+STRING'
]
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json",
"x-request-id: <x-request-id>",
"x-request-timestamp: <x-request-timestamp>"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://api.customer.com/sarvam/byok/v1/decrypt-key"
payload := strings.NewReader("{\n \"data\": {\n \"key_alias\": \"samvaad-prod-master-key-01\",\n \"encrypted_key\": \"byok:v1:CiBQ EXEMPLARY/ENCRYPTED+DATA+STRING\"\n }\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("x-request-id", "<x-request-id>")
req.Header.Add("x-request-timestamp", "<x-request-timestamp>")
req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://api.customer.com/sarvam/byok/v1/decrypt-key")
.header("x-request-id", "<x-request-id>")
.header("x-request-timestamp", "<x-request-timestamp>")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"data\": {\n \"key_alias\": \"samvaad-prod-master-key-01\",\n \"encrypted_key\": \"byok:v1:CiBQ EXEMPLARY/ENCRYPTED+DATA+STRING\"\n }\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.customer.com/sarvam/byok/v1/decrypt-key")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["x-request-id"] = '<x-request-id>'
request["x-request-timestamp"] = '<x-request-timestamp>'
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"data\": {\n \"key_alias\": \"samvaad-prod-master-key-01\",\n \"encrypted_key\": \"byok:v1:CiBQ EXEMPLARY/ENCRYPTED+DATA+STRING\"\n }\n}"
response = http.request(request)
puts response.read_body{
"data": {
"plaintext_key": "VGhpcyBJcyBBIERlY3J5cHRlZCBLZXkgRm9yIFRlc3Rpbmc="
}
}{
"error": {
"code": "SERVICE_UNAVAILABLE",
"message": "Service is currently unavailable."
}
}{
"error": {
"code": "SERVICE_UNAVAILABLE",
"message": "Service is currently unavailable."
}
}{
"error": {
"code": "SERVICE_UNAVAILABLE",
"message": "Service is currently unavailable."
}
}{
"error": {
"code": "SERVICE_UNAVAILABLE",
"message": "Service is currently unavailable."
}
}{
"error": {
"code": "SERVICE_UNAVAILABLE",
"message": "Service is currently unavailable."
}
}Authorizations
A token sent in the Authorization header.
This can be one of two types:
- A short-lived JWT obtained from the
/authendpoint. - A long-lived, static API Key provided during setup.
In both cases, the header format is Authorization: Bearer <token>.
Headers
A unique identifier for this specific API call, generated by the client (Samvaad).
An identifier to trace a single request across multiple services.
The ISO 8601 timestamp of when the client sent the request.
Body
The request containing the key alias and the encrypted key data.
The request payload to decrypt a key.
Show child attributes
Show child attributes
Response
The DEK was successfully decrypted.
The response payload containing the decrypted key.
Show child attributes
Show child attributes