amitsolanki24_'s avatar

Return encrypted API response

How can I return an encrypted API response in Laravel and then decrypt it on the frontend?

And also, how can I send data to the API in an encrypted way using JS?

0 likes
18 replies
JussiMannisto's avatar

You replace http:// with https:// and let TLS handle encryption. That's what it's for.

You'll need a TLS/SSL certificate for your server for this to work. They're pretty cheap if you're securing a single domain.

2 likes
JussiMannisto's avatar

@vincent15000 The API response is encrypted when you use HTTPS. Just not by the application.

He has specified many times that he wants to encrypt the response to protect against data breaches. This is the exact reason why HTTPS is used.

1 like
vincent15000's avatar

@JussiMannisto Just read his question.

> How can I return an encrypted API response in Laravel and then decrypt it on the frontend?

How to encrypt and then decrypt, so it's not just httpS.

JussiMannisto's avatar

@vincent15000 I don't know what your point is. HTTPS encrypts the response on the server and decrypts it on the client. It does exactly what he wants, i.e. encrypts traffic to protect against data breaches. It's just done automatically (and securely!) by TCP/IP.

1 like
vincent15000's avatar

@JussiMannisto I know, but he has written this.

> I want to know how I can return my API response in an encrypted way, no matter whether my website uses SSL or not.

So he really thinks that it's possible no matter if it uses SSL or not. But what he tries to do is just impossible.

martinbean's avatar

@amitsolanki24_ Similarly to your other question I’ve just answered, you can’t. If you’re decrypting something on the front-end, then that means the decryption key is also on the front end, so someone can then just use the same key to decrypt any other data that has been encrypted server-side with the same key.

I think you should just explain what it is you’re trying to protect and why, because you’ve now asked more than one question about your attempted solutions, instead of just describing the actual problem you’re trying to solve.

2 likes
amitsolanki24_'s avatar

@martinbean I just want to know how I can send an API response in an encrypted way to protect against data breaches.

And so what should I do for this?

> decryption key is also on the front end, so someone can then just use the same key to decrypt any other data that has been encrypted server-side with the same key.

1 like
JussiMannisto's avatar

@amitsolanki24_ You should slow down a bit. Ask yourself two questions:

  1. If all API traffic is vulnerable to data breaches and manually encrypting the traffic is the solution, why doesn't the documentation or anyone on this forum ever mention it?
  2. You've asked how to encrypt your requests and responses a few times now. Nobody's telling you how to do it manually. All they do is mention these five letters: HTTPS. Wonder why that is?

If you don't know what HTTPS is, the next step would be to study it until you do. It's something you must understand anyway as a developer. If then you can formulate a sensible reason as to why you need more encryption on top of it, you may get an answer.

As @martinbean pointed out, symmetric encryption does you no good. This is why asymmetric encryption is used. Learn about HTTPS.

2 likes
amitsolanki24_'s avatar

@JussiMannisto I know what HTTPS is: it's a hypertext transfer protocol, uses port 443, and provides a secure connection.

And I also know what cryptography is (asymmetric and symmetric algorithms and how they work), but I want to know how I can return my API response in an encrypted way, no matter whether my website uses SSL or not.

Do you know any package, function or something else to do that?

Thanks for the response.

1 like
JussiMannisto's avatar

@amitsolanki24_ I'm trying to explain to you that HTTPS encrypts your traffic. If you use HTTPS, both your requests and responses are encrypted.

If your server doesn't use HTTPS, then encrypting the response is pointless. You can encrypt it, but then your client can't read the message. Not without the decryption key. And if you send the decryption key to the client, then anyone listening to the traffic also has the key and can decrypt the message. Completely pointless.

2 likes
martinbean's avatar

> I want to know how I can return my API response in an encrypted way, no matter whether my website uses SSL or not.

@amitsolanki24_ And again, encrypting a response is pointless if the recipe on how to decrypt (i.e. the algorithm and decryption key) is stored in client-side code that people can read.

2 likes
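
An added example (not part of any post in this thread) of the point martinbean and JussiMannisto make above: when the frontend has to decrypt, the key ships with the frontend, so application-level encryption adds nothing beyond what is already on the wire. It assumes Node.js's built-in `crypto` module standing in for both the Laravel API and the browser; the key, payload and function names are constructed for the demonstration.

```javascript
// Added illustration; every name and value here is constructed for the demo.
const crypto = require('node:crypto');

// Server side (stands in for the Laravel API): home-made response encryption.
const SHARED_KEY = crypto.randomBytes(32);

function encryptResponse(payload, key) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(JSON.stringify(payload), 'utf8'), cipher.final()]);
  return {
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    body: body.toString('base64'),
  };
}

// What the server must also deliver so the frontend can decrypt:
// the key ends up inside the JavaScript served to every visitor.
function buildFrontendBundle(key) {
  return `const API_KEY_B64 = "${key.toString('base64')}"; /* ...decrypt logic... */`;
}

// Anyone who receives the bundle (every visitor, or any listener on plain HTTP)
// can read the key straight out of it.
function readKeyFromBundle(bundleSource) {
  const match = bundleSource.match(/API_KEY_B64 = "([^"]+)"/);
  return match ? Buffer.from(match[1], 'base64') : null;
}

function decryptResponse(msg, key) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, Buffer.from(msg.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(msg.tag, 'base64'));
  const plain = Buffer.concat([decipher.update(Buffer.from(msg.body, 'base64')), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// A third party holding only what was sent to the client: bundle + ciphertext.
function thirdPartyView() {
  const wire = encryptResponse({ user: 'alice', balance: 120 }, SHARED_KEY);
  const bundle = buildFrontendBundle(SHARED_KEY);
  return decryptResponse(wire, readKeyFromBundle(bundle));
}
```

The ciphertext alone is unreadable (a wrong key makes `decryptResponse` throw), but the bundle that makes it readable for the legitimate frontend makes it readable for everyone else too.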
amitsolanki24_'s avatar

@martinbean Okay, that means if I somehow encrypt my API response, I also need to send the decryption key with the API response, which is not good.

martinbean's avatar

@amitsolanki24_ And again, what problem are you trying to solve? Why are you trying to encrypt a response in the first place? What are you trying to protect the response from?