# Index

1. [When to use encryption?](#quando-integrar)
2. [How secure is it?](#seguranca)
3. [Working with symmetric encryption](#criptografia)
4. [Integrating with Infosimples API](#integracao)

## [When to use encryption?](#quando-integrar)
Use encryption when you want to prevent the parameters you send to the API from being transmitted or persisted in raw format.

This approach allows you to encrypt parameters before making the API request.


## [How secure is it?](#seguranca)
This approach makes your integration significantly secure. Highlights:

- The communication between your application and the API takes place only over HTTPS (TLS-encrypted connection), promoting integrity (data cannot be modified during transmission) and ensuring data can only be read by your application and the API;
- The parameters are encrypted with AES (256-bit key, GCM mode) before being transmitted over HTTPS, which adds another layer of security to the integration;
- The parameters are decrypted in-memory by the API and are completely purged after being used;
- Infosimples never persists the parameters, either raw or encrypted, in databases or other data storage structures;
- Infosimples only stores MD5 hashes of the parameters in order to validate reception was successful.


## [Working with symmetric encryption](#criptografia)
AES algorithm (256-bit key, GCM mode) is required for parameter encryption.

Your encryption key is linked to your account and can be found in the account settings. Use the interactive tool below to confirm your encryption implementation is compliant with what is expected by the API servers.

### Code examples
> The code examples below are based on the [AesBridge](https://github.com/mervick/aes-bridge) project.


#### Python
```python
# Tested with: Python 3.10.19, Python 3.14.0
# pip install aes-bridge
import aes_bridge

criptogram = aes_bridge.encrypt('DATA_EXAMPLE', 'ENCRYPTION_KEY').decode("ascii").replace("+", "-").replace("/", "_").replace("=", "")
```



## [Integrating with Infosimples API](#integracao)
Any service-specific parameter can be encrypted before being sent to the API. To do so, just prefix the parameter with `enc_` and the API will automatically decrypt it.

For instance, `cnpj` parameter could be encrypted and sent as `enc_cnpj`.

If you intend to encrypt a parameter whose value is binary, first convert the binary data into a Base64-encoded `string` and then apply the encryption.


## We're here to help
Do you still need to figure something out? Reach us at [suporte@infosimples.com.br](mailto:suporte@infosimples.com.br) and our highly qualified support team will be happy to help.