# Create AES key (encrypted response)
Create an Advanced Encryption Standard (AES) key using bulk ID.
This endpoint uses JSON Web Encryption (JWE) to encrypt the response body at the message level. It takes a `public_key_id`, which refers to the public key you have already uploaded to the Pismo platform. Pismo uses this key to encrypt the response payload in accordance with the standard JWE protocol. To decrypt the response, you must use the corresponding private key.
For information about file encryption and AES keys, refer to the [File encryption](doc:file-signature-and-encryption#file-encryption) section in File signature and encryption.
The decrypted plaintext is a JSON object with fields:
```json
{
"aes_key": "245ca959580cae6317c8f8215cbae42c8b98bbf30d9f222b92db30df81a06f91"
"iv": "7b75d3b5a25e9651e69245fa844cf3ec"
}
# OpenAPI definition
````json
{
"openapi": "3.0.0",
"info": {
"title": "Banking - Transaction banking",
"version": "0.9.0",
"description": "Transaction banking API",
"contact": {
"name": "API Support",
"url": "https://developers.pismo.io/support/"
},
"license": {
"name": "Copyright Pismo"
}
},
"servers": [
{
"url": "https://sandbox.pismolabs.io",
"description": "Sandbox API server for testing"
}
],
"security": [
{
"BearerAuth": []
}
],
"tags": [
{
"name": "Bulk payment files",
"description": "Bulk payment file endpoints"
}
],
"components": {
"parameters": {
"BulkIdPath": {
"name": "bulkId",
"in": "path",
"description": "ID of the existing bulk payment file. This ID is client-generated.",
"schema": {
"type": "string"
},
"required": true,
"example": "b6cdccc4-f6bf-4218-9e5e-7fb8f66008e3"
}
},
"schemas": {
"CreateAESKeyResponse": {
"type": "string",
"description": "JWE in Compact Serialization (RFC 7516). Five base64url-encoded parts\nseparated by '.', in the form: protected.encrypted_key.iv.ciphertext.tag.",
"pattern": "^[A-Za-z0-9_-]+(\\.[A-Za-z0-9_-]+){4}$",
"example": "eyJhbGciOiJSU0.cG8IjDbOwrNmuFuu.cG8IjDbOwrNmuFuu.hRmQ0dLFA.Uo3S0eDP0GLkQW6LJVNi5"
},
"CreateAESKeyRequest": {
"description": "Create AES key request object",
"type": "object",
"example": {
"public_key_id": "string"
},
"properties": {
"public_key_id": {
"$ref": "#/components/schemas/PublicKeyID"
}
},
"required": [
"public_key_id"
]
},
"ErrorCode": {
"description": "Error code\n`minLength: 1`\n`maxLength: 12`\n",
"type": "string",
"minLength": 1,
"maxLength": 12,
"example": "WPMT0017"
},
"ErrorMessage": {
"description": "Error message\n`minLength: 1`\n`maxLength: 1000`\n",
"type": "string",
"minLength": 1,
"maxLength": 1000,
"example": "Invalid JSON payload received: Error unmarshalling request"
},
"ErrorResponse": {
"type": "object",
"properties": {
"code": {
"$ref": "#/components/schemas/ErrorCode"
},
"message": {
"$ref": "#/components/schemas/ErrorMessage"
}
}
},
"PublicKeyID": {
"type": "string",
"description": "ID of the public key. Only digits, letters, hyphens, and underscores are allowed, and cannot exceed 60 characters.",
"maximum": 60,
"example": "b6cdccc4-f6bf-4218-9e5e-7fb8f66008e3"
}
},
"responses": {
"401Unauthorized": {
"description": "Access token is missing or invalid"
},
"403Forbidden": {
"description": "The request has been lost"
},
"500InternalServer": {
"description": "Internal Server Error",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/ErrorResponse"
},
"examples": {
"Generic internal error": {
"value": {
"code": "ECMN9999",
"message": "Internal error"
}
}
}
}
}
}
},
"securitySchemes": {
"BearerAuth": {
"type": "http",
"scheme": "bearer",
"bearerFormat": "JWT"
}
}
},
"paths": {
"/corporate/v2/bulk-payments/encryption-keys/{bulkId}": {
"put": {
"summary": "Create AES key (encrypted response)",
"operationId": "corporate-bulk-payments-put-aes-keys-jwe",
"tags": [
"Bulk payment files"
],
"description": "Create an Advanced Encryption Standard (AES) key using bulk ID.
\n\nThis endpoint uses JSON Web Encryption (JWE) to encrypt the response body at the message level. It takes a `public_key_id`, which refers to the public key you have already uploaded to the Pismo platform. Pismo uses this key to encrypt the response payload in accordance with the standard JWE protocol. To decrypt the response, you must use the corresponding private key.\nFor information about file encryption and AES keys, refer to the [File encryption](https://developers.pismo.io/pismo-docs/docs/file-signature-and-encryption#file-encryption) section in File signature and encryption.\n\nThe decrypted plaintext is a JSON object with fields:\n```json\n{\n \"aes_key\": \"245ca959580cae6317c8f8215cbae42c8b98bbf30d9f222b92db30df81a06f91\"\n \"iv\": \"7b75d3b5a25e9651e69245fa844cf3ec\"\n}\n",
"parameters": [
{
"$ref": "#/components/parameters/BulkIdPath"
}
],
"requestBody": {
"description": "Create AES key request body",
"required": true,
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/CreateAESKeyRequest"
},
"examples": {
"Public key": {
"value": {
"public_key_id": "b6cdccc4-f6bf-4218-9e5e-7fb8f66008e3"
}
}
}
}
}
},
"responses": {
"200": {
"description": "Create AES key response",
"content": {
"application/jose": {
"schema": {
"$ref": "#/components/schemas/CreateAESKeyResponse"
},
"examples": {
"AES key response": {
"value": "eyJhbGciOiJSU0.cG8IjDbOwrNmuFuu.cG8IjDbOwrNmuFuu.hRmQ0dLFA.Uo3S0eDP0GLkQW6LJVNi5"
}
}
}
}
},
"401": {
"$ref": "#/components/responses/401Unauthorized"
},
"403": {
"$ref": "#/components/responses/403Forbidden"
},
"404": {
"description": "Not Found"
},
"500": {
"$ref": "#/components/responses/500InternalServer"
}
}
}
}
}
}
````