> ## Documentation Index
> Fetch the complete documentation index at: https://developer.moneyone.in/llms.txt
> Use this file to discover all available pages before exploring further.

# Overview

> Overview of encryption requirements and implementation in PFM applications

PFM applications handle highly sensitive financial data that requires robust encryption mechanisms to ensure data security and regulatory compliance during transmission and storage.

## Why Encryption is Critical

Personal Finance Management systems process:

* **Banking transactions and account details**
* **Investment portfolios and holdings**
* **Personal financial information**
* **User authentication credentials**

All this sensitive financial data must be encrypted to:

* Protect against data breaches and unauthorized access
* Ensure compliance with financial regulations
* Maintain customer trust and data integrity
* Secure API communications between client and server

## Encryption in PFM Workflow

Encryption is implemented at multiple levels:

1. **Data in Transit**: All API communications are encrypted using HTTPS/TLS
2. **Data at Rest**: Sensitive data stored in databases is encrypted
3. **Client-Server Communication**: Additional encryption layers for API payloads

The encryption ensures that even if data is intercepted during transmission or accessed without authorization, it remains unreadable and secure.

## Encrypted API Contracts

Our PFM APIs use encrypted communication where both requests and responses are encrypted using the shared encryption keys.

**Important Note**: When encryption is enabled for your integration, it applies to all APIs and webhooks. All request/response payloads and webhook notifications will use the encrypted format described below.

### Request Format

Clients encrypt their JSON payload and send it in the following format:

```json theme={null}
{
  "ciphertext": "encrypted_request_data_here"
}
```

### Response Format

The server responds with encrypted data in the same format:

```json theme={null}
{
  "ciphertext": "encrypted_response_data_here"
}
```

### Communication Flow

1. **Client Side**:
   * Encrypts the JSON request payload using shared keys
   * Sends the encrypted data in the `ciphertext` field

2. **Server Side**:
   * Receives the encrypted request
   * Decrypts the request using shared keys
   * Processes the decrypted request
   * Encrypts the response data
   * Returns encrypted response in `ciphertext` field

3. **Client Side**:
   * Receives the encrypted response
   * Decrypts the `ciphertext` field using shared keys
   * Uses the decrypted JSON response data

This ensures that all sensitive financial data remains encrypted during transmission, providing end-to-end security for API communications.

## Available Encryption Types

Our platform currently supports the following encryption mechanisms:

* [AES-256-GCM](/pfm/aes-256-gcm): Symmetric encryption with authenticated encryption
* [RSA-AES Hybrid](/pfm/rsa-aes-hybrid): Asymmetric key exchange (RSA-2048) with symmetric data encryption (AES-256-CBC) and digital signatures
