The Google Workspace Client-side Encryption (CSE) API lets you own the encryption keys used to further encrypt Google Workspace data.
Methods
| Methods | |
|---|---|
digest |
POST https://{kacls_url}/digest Returns the checksum of an unwrapped DEK. |
takeout_unwrap |
POST https://{kacls_url}/takeout_unwrap Decrypts data exported from Google in a privileged context. |
rewrap |
POST https://{kacls_url}/rewrap Re-encrypts an encrypted DEK. |
status |
GET https://{kacls_url}/status Checks the status of a KACLS. |
unwrap |
POST https://{kacls_url}/unwrap Returns decrypted DEK. |
wrap |
POST https://{kacls_url}/wrap Returns encrypted DEK and associated data. |
Tokens
| Tokens | |
|---|---|
Authorization |
JWT issued by Google to verify that the caller is authorized to encrypt or decrypt a resource. |
Authentication |
JWT issued by the identity provider that attests user identity. |