Skip to content
POST AI agent ready /v1/encrypt/decrypt

AES-256 Decryption API - Free Text Decryption

Send the encrypted string produced by the encrypt endpoint along with the original password to recover the plaintext. The decryption happens server-side in memory; neither the ciphertext nor the recovered plaintext is stored or logged.

Parameters

stringrequired

The base64-encoded ciphertext returned by the /v1/encrypt/encrypt endpoint.

stringrequired

The same password used during encryption.

Code examples

curl -X POST https://api.botoi.com/v1/encrypt/decrypt \
  -H "Content-Type: application/json" \
  -d '{"ciphertext":"base64-encoded salt+iv+encrypted data","password":"my-strong-password-2026"}'

When to use this API

Decrypt config values at application startup

Store encrypted database credentials and API keys in your config files or environment. At boot time, call the decrypt endpoint to recover the plaintext values. This keeps secrets safe at rest without a dedicated vault.

Decrypt payloads received from other services

When your service receives an encrypted payload from an upstream microservice (encrypted via the encrypt endpoint), decrypt it here before processing. Ensures sensitive data stays encrypted over the wire.

Build a "reveal secret" feature in your app

Let users store encrypted notes or passwords. When they click "reveal," call the decrypt endpoint with their master password. The plaintext is shown once and never persisted on your servers.

Frequently asked questions

Is my data stored or logged during decryption?
No. The ciphertext, password, and recovered plaintext are held in memory only during the request and discarded immediately after the response.
What happens if I provide the wrong password?
AES-256-GCM is authenticated encryption. If the password is wrong, the authentication tag verification fails and the API returns an error. It will not return garbled plaintext.
Can I decrypt data that was encrypted outside this API?
The endpoint expects the specific format produced by the /v1/encrypt/encrypt endpoint (includes IV, salt, and ciphertext in a structured string). If you match that format and PBKDF2 parameters, external ciphertext will work.
Is there a size limit on the encrypted string?
The request body limit is 1 MB. For most text encryption use cases (config values, tokens, short messages), this is more than enough.
Can I decrypt the same ciphertext multiple times?
Yes. As long as you provide the correct password, the same ciphertext decrypts to the same plaintext every time. The ciphertext is not consumed or invalidated by decryption.

Get your API key

Free tier includes 5 requests per minute with no credit card required. Upgrade for higher limits.

Sign up free View full docs