Payload Encryption
The Payload Encryption section allows you to encrypt and decrypt request and response payloads for a specific service in Connect.
When enabled, Connect applies AES-256 encryption to protect sensitive data in transit between clients and downstream systems.
Connect handles encryption and decryption at the API gateway level before forwarding any requests to downstream services.

Figure 1: Payload encryption configuration interface in Connect.
Where to Configure
Navigate to:
Service → Settings → Payload Encryption
Enable Payload Encryption
Use the Enabled toggle to activate encryption for this service.
When disabled, request and response payloads are transmitted without additional application-level encryption (standard TLS will still apply).
Encryption Algorithm
Connect uses AES-256 for symmetric encryption of payload data.
AES-256 provides strong, industry‑standard encryption suitable for financial and enterprise environments.
Encryption Key
Select Encryption Key
The Encryption Key dropdown allows you to select a pre-configured encryption key.
The selected key is used to:
- Decrypt incoming request payloads
- Encrypt outbound response payloads
Keys must be securely generated and stored.
Key Management Best Practices
- Use strong, randomly generated 256-bit keys.
- Rotate encryption keys periodically.
- Avoid hardcoding keys in application code.
- Restrict key access using role-based access control.
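The following is an added example, not code from Connect or its documentation. It shows one way an integrating client could follow the first three practices above: generate a 256-bit key from the operating system's CSPRNG, load it from the environment instead of source code, and refuse keys that are malformed or obviously non-random. The variable name PAYLOAD_ENC_KEY, the base64 storage encoding and the key_id helper are assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import os
import secrets

KEY_BYTES = 32  # AES-256 requires a 256-bit (32-byte) key


def generate_key_b64() -> str:
    """Create a new random 256-bit key, base64-encoded for a secret store."""
    return base64.b64encode(secrets.token_bytes(KEY_BYTES)).decode("ascii")


def load_key(env_var: str = "PAYLOAD_ENC_KEY") -> bytes:
    """Load the key from the environment (assumed name) rather than from code."""
    raw = os.environ.get(env_var)
    if not raw:
        raise ValueError(f"{env_var} is not set")
    try:
        key = base64.b64decode(raw, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise ValueError(f"{env_var} is not valid base64") from exc
    if len(key) != KEY_BYTES:
        raise ValueError(f"expected {KEY_BYTES} key bytes, got {len(key)}")
    # Coarse sanity check only: catches all-zero or repeated-pattern keys.
    # It does not prove the key is random.
    if len(set(key)) < 16:
        raise ValueError("key does not look randomly generated")
    return key


def key_id(key: bytes) -> str:
    """Short, non-secret label for logs and rotation records (hypothetical helper)."""
    return hashlib.sha256(b"key-id:" + key).hexdigest()[:12]


if __name__ == "__main__":
    os.environ["PAYLOAD_ENC_KEY"] = generate_key_b64()  # constructed sample key
    print("loaded key with id", key_id(load_key()))
```

Logging the key_id rather than the key lets both sides confirm which key is active during a rotation without exposing key material.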
When to Use Payload Encryption
Payload encryption is recommended when:
- Exchanging highly sensitive data (financial, personal, regulatory).
- Required by partner integration agreements.
- Required for regulatory compliance.
- Additional application-layer encryption is mandated beyond TLS.
Important Considerations
- The client must use the agreed encryption format and key.
- Encryption failures will result in request rejection.
- Ensure proper error handling for decryption errors.
- Do not enable encryption unless integration partners are configured accordingly.
Summary
Payload Encryption in Connect provides application-level AES-256 encryption for service payloads.
By selecting an encryption key and enabling this feature, administrators can enforce stronger data protection controls for sensitive service integrations.