Endpoints & Operations
Overview
Anka Secure exposes a single REST surface, logically grouped into the blocks below:
| Category | Purpose |
|---|---|
| Key Management | Full sovereign life-cycle for classical, symmetric and post-quantum keys. |
| Secure Operations (Compact) JWE / JWS |
One-shot encryption, decryption, signing, verification, re-encrypt & re-sign. |
| Secure Operations (Streaming) JWET / detached-JWS |
Chunked variants optimised for files ≫ memory (multipart/mixed & multipart/form-data). |
| Migration & Interoperability | Helpers to import existing material (PKCS#12, JWK, raw), verify or encrypt with caller-supplied public keys, and bulk re-encrypt between algorithms. |
All endpoints are internationalised (
Accept-Language: en | es) and return RFC 7807 problem envelopes on errors.
Base URL
Every path in the spec is appended to the base URL (e.g. /api/crypto/encrypt).
Security Schemes
| Scheme | Header | Notes |
|---|---|---|
| JWT Bearer | Authorization: Bearer <token> |
Issued by your own OAuth/OIDC provider (AWS Cognito, IBM API Connect, ...). |
Quick Navigation
| Topic | Go to |
|---|---|
| Compact operations (JWE/JWS) | Secure Operations -- Compact |
| Streaming operations (JWET/detached-JWS) | Secure Operations -- Streaming |
| Key management & crypto-agility | Key Management |
| Migration utilities & cross-algo flows | Migration & Interoperability |
Versioning & Stability
-
Current API version: 2.2.0
-
All breaking changes follow semver guidelines and are announced ≥ 30 days in advance.
-
New non-breaking fields may appear (forward-compatible clients should ignore unknown JSON properties).
Next Steps
-
Authentication -- obtain a JWT from your IdP.
-
Key bootstrap -- generate or import keys via the Key Management endpoints.
-
Crypto calls -- invoke
/api/crypto/*or/api/crypto/stream/*as required. -
Monitor & rotate -- track quota headers, audit warnings and rotate keys before sunset.
Open any page from Quick Navigation for request/response details, examples and Mermaid diagrams.