> ## Documentation Index
> Fetch the complete documentation index at: https://docs.machines.cash/llms.txt
> Use this file to discover all available pages before exploring further.

# Encrypt plaintext with the data key



## OpenAPI

````yaml openapi.yaml post /partner/v1/encryption/encrypt
openapi: 3.1.0
info:
  title: Machines Cash API
  version: 0.3.0
  description: >
    API for KYC, cards, encryption, balances, deposits, transactions, and
    withdrawals.

    All responses use a consistent envelope by default: { ok, data, summary,
    errors[], next }.

    Set X-Open-Responses: 1 to receive Open Responses-style response objects.
servers:
  - url: https://api.machines.cash
    description: production
  - url: https://dev-api.machines.cash
    description: sandbox
security: []
tags:
  - name: users
  - name: sessions
  - name: kyc
  - name: kycValues
  - name: agreements
  - name: cards
  - name: encryption
  - name: balances
  - name: deposits
  - name: transactions
  - name: withdrawals
paths:
  /partner/v1/encryption/encrypt:
    parameters:
      - $ref: '#/components/parameters/OpenResponses'
      - $ref: '#/components/parameters/OpenResponsesCallId'
    post:
      tags:
        - encryption
      summary: Encrypt plaintext with the data key
      operationId: api.encryption.encrypt
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/EncryptionEncryptRequest'
      responses:
        '200':
          description: Encrypted value
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/EncryptionEncryptResponse'
        '400':
          $ref: '#/components/responses/BadRequest'
        '401':
          $ref: '#/components/responses/Unauthorized'
        '403':
          $ref: '#/components/responses/Forbidden'
        '503':
          $ref: '#/components/responses/ServiceUnavailable'
      security:
        - Session: []
components:
  parameters:
    OpenResponses:
      name: X-Open-Responses
      in: header
      required: false
      schema:
        type: string
        enum:
          - '1'
          - 'true'
      description: >-
        Return Open Responses-compatible output when set (replaces the default
        response envelope).
    OpenResponsesCallId:
      name: X-Open-Responses-Call-Id
      in: header
      required: false
      schema:
        type: string
        minLength: 1
      description: >-
        Tool call id used for function_call_output items when Open Responses
        mode is enabled.
  schemas:
    EncryptionEncryptRequest:
      type: object
      additionalProperties: false
      required:
        - value
      properties:
        value:
          type: string
          description: Plaintext value to encrypt.
      example:
        value: Ops Card
    EncryptionEncryptResponse:
      type: object
      additionalProperties: false
      required:
        - ok
        - data
        - summary
        - errors
      properties:
        ok:
          type: boolean
          const: true
        data:
          type: object
          additionalProperties: false
          required:
            - value
          properties:
            value:
              $ref: '#/components/schemas/EncryptedField'
        summary:
          type: string
        errors:
          type: array
          items:
            $ref: '#/components/schemas/ErrorDetail'
        next:
          $ref: '#/components/schemas/NextHint'
    EncryptedField:
      type: object
      description: >-
        Encrypted payload generated by `POST /encryption/encrypt` (recommended).
        Canonical field order is `v`, `iv`, `ct` (order doesn’t matter in JSON).
        See `/encryption`.
      additionalProperties: false
      required:
        - v
        - iv
        - ct
      properties:
        v:
          type: integer
          minimum: 1
          maximum: 1000000
          description: Schema version.
          example: 1
        iv:
          type: string
          description: Base64url-encoded IV (12 bytes).
          example: Qz4f2m7Hk1P9x0ab
        ct:
          type: string
          description: Base64url-encoded ciphertext + auth tag.
          example: Hdbb2yT2F4xWZL5m5bJX3eJb4n8wVhjPzqLw2h7i
    ErrorDetail:
      type: object
      additionalProperties: false
      required:
        - code
        - message
      properties:
        code:
          type: string
          example: invalid_request
        message:
          type: string
          example: missing required field
        field:
          type: string
          description: Optional field name that caused the error.
    NextHint:
      type: object
      additionalProperties: false
      properties:
        pollAfterMs:
          type: integer
          minimum: 0
        suggestedTool:
          type: string
        suggestedArgs:
          type: object
          additionalProperties: true
    ErrorResponse:
      type: object
      additionalProperties: false
      required:
        - ok
        - summary
        - errors
      properties:
        ok:
          type: boolean
          const: false
        summary:
          type: string
          example: invalid request
        errors:
          type: array
          items:
            $ref: '#/components/schemas/ErrorDetail'
        next:
          $ref: '#/components/schemas/NextHint'
  responses:
    BadRequest:
      description: Invalid request
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    Unauthorized:
      description: Unauthorized
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    Forbidden:
      description: Forbidden
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
    ServiceUnavailable:
      description: Service unavailable
      content:
        application/json:
          schema:
            $ref: '#/components/schemas/ErrorResponse'
  securitySchemes:
    Session:
      type: http
      scheme: bearer
      bearerFormat: JWT

````