cURL
curl --request POST \
--url https://api.eka.care/abdm/v1/ecdh/decrypt \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"encrypted_data": "<string>",
"receiver_nonce": "<string>",
"receiver_private_key": "<string>",
"sender_nonce": "<string>",
"sender_public_key": "<string>"
}
'import requests
url = "https://api.eka.care/abdm/v1/ecdh/decrypt"
payload = {
"encrypted_data": "<string>",
"receiver_nonce": "<string>",
"receiver_private_key": "<string>",
"sender_nonce": "<string>",
"sender_public_key": "<string>"
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
encrypted_data: '<string>',
receiver_nonce: '<string>',
receiver_private_key: '<string>',
sender_nonce: '<string>',
sender_public_key: '<string>'
})
};
fetch('https://api.eka.care/abdm/v1/ecdh/decrypt', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.eka.care/abdm/v1/ecdh/decrypt",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'encrypted_data' => '<string>',
'receiver_nonce' => '<string>',
'receiver_private_key' => '<string>',
'sender_nonce' => '<string>',
'sender_public_key' => '<string>'
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://api.eka.care/abdm/v1/ecdh/decrypt"
payload := strings.NewReader("{\n \"encrypted_data\": \"<string>\",\n \"receiver_nonce\": \"<string>\",\n \"receiver_private_key\": \"<string>\",\n \"sender_nonce\": \"<string>\",\n \"sender_public_key\": \"<string>\"\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://api.eka.care/abdm/v1/ecdh/decrypt")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"encrypted_data\": \"<string>\",\n \"receiver_nonce\": \"<string>\",\n \"receiver_private_key\": \"<string>\",\n \"sender_nonce\": \"<string>\",\n \"sender_public_key\": \"<string>\"\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.eka.care/abdm/v1/ecdh/decrypt")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"encrypted_data\": \"<string>\",\n \"receiver_nonce\": \"<string>\",\n \"receiver_private_key\": \"<string>\",\n \"sender_nonce\": \"<string>\",\n \"sender_public_key\": \"<string>\"\n}"
response = http.request(request)
puts response.read_body{
"decrypted_data": "<string>"
}{
"code": 123,
"error": "<string>",
"source_error": {
"code": "<string>",
"message": "<string>"
}
}{
"code": 123,
"error": "<string>",
"source_error": {
"code": "<string>",
"message": "<string>"
}
}Encryption
Decrypt Data
Decrypt data using ECDH key exchange.
This API decrypts health data received from external HIPs/HIUs via ABDM. A shared secret is derived from the receiver’s private key and the sender’s public key. The IV and salt are computed from the XOR of sender and receiver nonces, and the data is decrypted using AES-256-GCM.
Algorithm details:
- Key Agreement: ECDH on Curve25519 (Weierstrass form)
- Key Derivation: HKDF-SHA256
- Symmetric Encryption: AES-256-GCM
- Nonce Handling: IV and salt are derived from XOR of sender and receiver nonces
For more details, refer to the ABDM Encryption and Decryption Guide.
POST
/
abdm
/
v1
/
ecdh
/
decrypt
cURL
curl --request POST \
--url https://api.eka.care/abdm/v1/ecdh/decrypt \
--header 'Authorization: Bearer <token>' \
--header 'Content-Type: application/json' \
--data '
{
"encrypted_data": "<string>",
"receiver_nonce": "<string>",
"receiver_private_key": "<string>",
"sender_nonce": "<string>",
"sender_public_key": "<string>"
}
'import requests
url = "https://api.eka.care/abdm/v1/ecdh/decrypt"
payload = {
"encrypted_data": "<string>",
"receiver_nonce": "<string>",
"receiver_private_key": "<string>",
"sender_nonce": "<string>",
"sender_public_key": "<string>"
}
headers = {
"Authorization": "Bearer <token>",
"Content-Type": "application/json"
}
response = requests.post(url, json=payload, headers=headers)
print(response.text)const options = {
method: 'POST',
headers: {Authorization: 'Bearer <token>', 'Content-Type': 'application/json'},
body: JSON.stringify({
encrypted_data: '<string>',
receiver_nonce: '<string>',
receiver_private_key: '<string>',
sender_nonce: '<string>',
sender_public_key: '<string>'
})
};
fetch('https://api.eka.care/abdm/v1/ecdh/decrypt', options)
.then(res => res.json())
.then(res => console.log(res))
.catch(err => console.error(err));<?php
$curl = curl_init();
curl_setopt_array($curl, [
CURLOPT_URL => "https://api.eka.care/abdm/v1/ecdh/decrypt",
CURLOPT_RETURNTRANSFER => true,
CURLOPT_ENCODING => "",
CURLOPT_MAXREDIRS => 10,
CURLOPT_TIMEOUT => 30,
CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
CURLOPT_CUSTOMREQUEST => "POST",
CURLOPT_POSTFIELDS => json_encode([
'encrypted_data' => '<string>',
'receiver_nonce' => '<string>',
'receiver_private_key' => '<string>',
'sender_nonce' => '<string>',
'sender_public_key' => '<string>'
]),
CURLOPT_HTTPHEADER => [
"Authorization: Bearer <token>",
"Content-Type: application/json"
],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}package main
import (
"fmt"
"strings"
"net/http"
"io"
)
func main() {
url := "https://api.eka.care/abdm/v1/ecdh/decrypt"
payload := strings.NewReader("{\n \"encrypted_data\": \"<string>\",\n \"receiver_nonce\": \"<string>\",\n \"receiver_private_key\": \"<string>\",\n \"sender_nonce\": \"<string>\",\n \"sender_public_key\": \"<string>\"\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("Authorization", "Bearer <token>")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := io.ReadAll(res.Body)
fmt.Println(string(body))
}HttpResponse<String> response = Unirest.post("https://api.eka.care/abdm/v1/ecdh/decrypt")
.header("Authorization", "Bearer <token>")
.header("Content-Type", "application/json")
.body("{\n \"encrypted_data\": \"<string>\",\n \"receiver_nonce\": \"<string>\",\n \"receiver_private_key\": \"<string>\",\n \"sender_nonce\": \"<string>\",\n \"sender_public_key\": \"<string>\"\n}")
.asString();require 'uri'
require 'net/http'
url = URI("https://api.eka.care/abdm/v1/ecdh/decrypt")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
request = Net::HTTP::Post.new(url)
request["Authorization"] = 'Bearer <token>'
request["Content-Type"] = 'application/json'
request.body = "{\n \"encrypted_data\": \"<string>\",\n \"receiver_nonce\": \"<string>\",\n \"receiver_private_key\": \"<string>\",\n \"sender_nonce\": \"<string>\",\n \"sender_public_key\": \"<string>\"\n}"
response = http.request(request)
puts response.read_body{
"decrypted_data": "<string>"
}{
"code": 123,
"error": "<string>",
"source_error": {
"code": "<string>",
"message": "<string>"
}
}{
"code": 123,
"error": "<string>",
"source_error": {
"code": "<string>",
"message": "<string>"
}
}Authorizations
The API requires a Bearer token (JWT) for authentication.
Body
application/json
Base64-encoded encrypted data to decrypt
Nonce associated with the receiver's key pair
Base64-encoded private key of the receiver
Nonce associated with the sender's key pair
Base64-encoded public key of the sender
Response
OK
Decrypted plaintext data
Was this page helpful?
⌘I

