A minimal Next.js API with encrypt and decrypt endpoints using built-in JavaScript crypto.
- Install dependencies:
npm install- Run the development server:
npm run devPOST /api/encrypt
Request body:
{
"text": "Hello, World!",
"secretKey": "your-secret-key-here-32-chars-long",
"iv": "initialization-vector-hex-32-chars"
}Response:
{
"encrypted": "encrypted-hex-string"
}POST /api/decrypt
Request body:
{
"encrypted": "encrypted-hex-string",
"iv": "initialization-vector-hex-32-chars",
"secretKey": "your-secret-key-here-32-chars-long"
}Response:
{
"decrypted": "Hello, World!"
}# Generate a random IV (32 hex characters)
node -e "console.log(require('crypto').randomBytes(16).toString('hex'))"
# Encrypt
curl -X POST http://localhost:3000/api/encrypt \
-H "Content-Type: application/json" \
-d '{"text": "Hello, World!", "secretKey": "my-secret-key-32-chars-long", "iv": "0cd9b7299fa9eb8584e8f6df4b56724c"}'
# Decrypt
curl -X POST http://localhost:3000/api/decrypt \
-H "Content-Type: application/json" \
-d '{"encrypted": "encrypted-hex", "iv": "0cd9b7299fa9eb8584e8f6df4b56724c", "secretKey": "my-secret-key-32-chars-long"}'This app is ready to be deployed on Vercel. No environment variables needed - all parameters are passed with each request.
- Uses AES-256-CBC encryption
- IV must be provided with each request (32 hex characters)
- Secret key is required in each request
- The secret key should be at least 32 characters long for optimal security
- No secret keys or IVs are stored on the server
- Generate a new random IV for each encryption operation