Begin multi-part decryption.

Published on Jul 8, 2025

1 minute(s) read

Post

/crypto/v1/decrypt/init

This API is used when decrypting more data than the client wishes to submit in a single request. It supports only symmetric ciphers and CBC, CBCNOPAD, CTR, and GCM modes of operation. To perform multi-part decryption, the client makes one request to the init resource, zero or more requests to the update resource, followed by one request to the final resource. The response to init and update requests includes a state field. The state is an opaque data blob that must be supplied unmodified by the client with each subsequent request.

Security

HTTP

Type bearer

API Key: apiKeyAuth

Header parameter nameAuthorization

Body parameters

Expand All

object

key

Uniquely identifies a persisted or transient sobject.

OneOf

SobjectDescriptorVariantKid

object (SobjectDescriptorVariantKid)

kid

string (uuid) Required

SobjectDescriptorVariantName

object (SobjectDescriptorVariantName)

name

string Required

Max length4096

Pattern^[^\n]*[^\s\n][^\n]*$

SobjectDescriptorVariantTransientKey

object (SobjectDescriptorVariantTransientKey)

transient_key

string (byte) Required

SobjectDescriptorVariantInline

object (SobjectDescriptorVariantInline)

inline

object Required

value

string (byte) Required

obj_type

string Required

Type of security object.

Valid values[ "AES", "ARIA", "DES", "DES3", "SEED", "RSA", "DSA", "EC", "KCDSA", "ECKCDSA", "BIP32", "BLS", "OPAQUE", "HMAC", "LEDABETA", "ROUND5BETA", "SECRET", "LMS", "XMSS", "MLDSA", "MLDSABETA", "MLKEM", "MLKEMBETA", "CERTIFICATE", "PBE" ]

alg

string

A cryptographic algorithm.

Valid values[ "AES", "ARIA", "DES", "DES3", "SEED", "RSA", "DSA", "KCDSA", "EC", "ECKCDSA", "BIP32", "BLS", "LMS", "XMSS", "MLDSA", "MLDSABETA", "MLKEM", "MLKEMBETA", "HMAC", "LEDABETA", "ROUND5BETA", "PBE" ]

mode

string

Cipher mode used for symmetric key algorithms.

Valid values[ "ECB", "CBC", "CBCNOPAD", "CFB", "OFB", "CTR", "GCM", "CCM", "KW", "KWP", "FF1" ]

string (byte)

Initialization vector. Required for symmetric algorithms.

string (byte)

Authenticated data. Only applicable when using GCM mode.

Responses

2XX

Success result

object

kid

string (uuid) | null

The key id is returned for non-transient keys.

state

string (byte)

Opaque data, not to be interpreted or modified by the client and must be provided with next request.

Was this article helpful?