Skip to content
POST AI agent ready /v1/encrypt/encrypt

AES-256 Encryption API - Free Text Encryption

Send plaintext and a password to receive AES-256-GCM encrypted ciphertext. The encryption uses a unique IV for every request, ensuring identical inputs produce different outputs. Your plaintext and password are processed in memory and never stored or logged.

Parameters

stringrequired

The plaintext string to encrypt.

stringrequired

The password used to derive the encryption key via PBKDF2.

Code examples

curl -X POST https://api.botoi.com/v1/encrypt/encrypt \
  -H "Content-Type: application/json" \
  -d '{"plaintext":"secret message","password":"my-strong-password-2026"}'

When to use this API

Encrypt sensitive config values before storing in a database

Encrypt API keys, tokens, or connection strings before writing them to your config table. Decrypt them at runtime with the paired decrypt endpoint. This adds a layer of protection if your database is compromised.

Encrypt data in transit between microservices

When passing sensitive payloads (PII, payment tokens) between services over internal networks, encrypt the payload at the sender and decrypt at the receiver. Protects against packet sniffing on shared infrastructure.

Build a client-side secrets manager prototype

Encrypt user-provided secrets (passwords, notes) server-side and return the ciphertext for the client to store locally. The server never persists the data; the user controls where the encrypted blob lives.

Frequently asked questions

Are my plaintext and password stored or logged?
No. Both are held in memory only during encryption and discarded immediately after the response. Nothing is written to disk, databases, or logs.
Why does encrypting the same text twice produce different results?
Each encryption uses a cryptographically random IV (initialization vector). This is expected behavior for AES-GCM and prevents attackers from detecting repeated plaintext patterns.
How is the encryption key derived from my password?
The password is run through PBKDF2 with a random salt and a high iteration count to produce a 256-bit key. The salt is included in the output so decryption can recreate the same key.
Can I decrypt the output with my own code instead of the decrypt endpoint?
Yes. The output format includes the IV, salt, and ciphertext. Any AES-256-GCM library (Node.js crypto, Python cryptography, Go crypto/aes) can decrypt it if you parse those components and derive the key with the same PBKDF2 parameters.
Is AES-256-GCM secure enough for production use?
AES-256-GCM is the encryption standard recommended by NIST and used by TLS 1.3, AWS S3, and Google Cloud Storage. It provides both confidentiality and integrity (authenticated encryption).

Get your API key

Free tier includes 5 requests per minute with no credit card required. Upgrade for higher limits.

Sign up free View full docs