---
title: Decryption
description: Decrypt API responses using AES/CBC/PKCS5PADDING with your encryption key.
---

All the API responses are encrypted using the AES/CBC/PKCS5PADDING mechanism. The response received from the API needs to be decrypted using the provided encryption key.

#### Meaning of decryption key

A decryption key is used to reverse the encryption process and transform scrambled data back into its original, readable form. In cases where the same key is used for both encryption and decryption, this method is called symmetric encryption.We use the same key for both encryption and decryption in symmetric encryption.

![decryption key flow ](../../../../assets/decryption.png)
Implementation Steps:

```
 Step 1: Obtain the Encrypted Data

 Retrieve the encrypted data (ciphertext) from the API response.</p>

 Step 2: Decrypt the Data

 Decrypt the obtained ciphertext using the specified encryption algorithm and the same key that was used for encryption.

```

## Request Body

| Parameter | Type Value | Description | Value Like |
| --- | --- | --- | --- |
| response  required | String | The encrypted response string is received in the API. | `d96cc495EkT0yuZWFQvoTksxPVbkIyB` |
| encryptionkey  required | String  <br>(10-200) | The encryption key provided by airpay is used to decrypt all request payloads with the AES/CBC/PKCS5PADDING encryption mechanism. | `a197b462cb0350a093f34996f698dc94` |

## Success 200

| Parameter | Type Value | Description | Value Like |
| --- | --- | --- | --- |
| status_code  required | String | The status code signifies the API request's success or failure. | `200` |
| response_code  required | String | The response code shows whether the API request was successful or not. | `00` |
| status  required | String | The status indicates the API response's success or failure. | `success` |
| message  required | String | The message gives further information about the API response or error. | `Success` |
| data  required | Object | The data contains the actual content or information returned by the API response. | `{"merchant_id":"123356","ap_transactionid":"11314"}` |

## PHP

```php
<?php
  $response = "d96cc495EkT0yuZWFQvoTksxPVbkIyB";
  $encryptionkey = 'a197b462cb0350a093f34996f698dc94';
  $encdata = decrypt($response,$encryptionkey);

  function decrypt($response,$encryptionkey)
  {
      $iv = substr($response, 0, 16);
      $encryptedData = substr($response, 16);
      $decryptedData = openssl_decrypt(base64_decode($encryptedData), 'AES-256-CBC', $encryptionkey, OPENSSL_RAW_DATA, $iv);
      return json_decode($decryptedData);
  }
```

### Success Response

```json
{
 "status_code": "200",
 "response_code": "00",
 "status": "success",
 "message": "Success",
 "data": {
 	// API response data
 }
}
```

### Error Response

```json
{
    "status_code": "200",
    "response_code": "1234",
    "status": "fail",
    "message": "Invalid domain",
    "data": {}
}
```